Windows Analysis Report
H3G7Xu6gih.exe

Overview

General Information

Sample name: H3G7Xu6gih.exe
renamed because original name is a hash value
Original sample name: 73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8.exe
Analysis ID: 1577524
MD5: f7cdd37705bd314230ac86f43756d0ba
SHA1: 597a28dc407bd232db2d891b51d40b2a779f89af
SHA256: 73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8
Tags: 92-255-85-148, exe, user-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • H3G7Xu6gih.exe (PID: 6192 cmdline: "C:\Users\user\Desktop\H3G7Xu6gih.exe" MD5: F7CDD37705BD314230AC86F43756D0BA)
    • cmd.exe (PID: 6700 cmdline: "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2836 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 4896 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 6156 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3192 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6188 cmdline: cmd /c md 378864 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 2836 cmdline: findstr /V "TRIBUTEBOOTYSTANTIQUE" Flexible MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 4180 cmdline: cmd /c copy /b ..\Shuttle + ..\Worcester + ..\Reservation + ..\Signed + ..\Vulnerability + ..\Choices + ..\Schemes + ..\Chambers + ..\Denied + ..\Elite + ..\Acute + ..\Vegas k MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Senegal.com (PID: 6076 cmdline: Senegal.com k MD5: C63860691927D62432750013B5A20F5F)
        • Senegal.com (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\378864\Senegal.com MD5: C63860691927D62432750013B5A20F5F)
          • svchost.exe (PID: 1432 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • chrome.exe (PID: 2896 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDACB.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/0e638796" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
              • chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2464,i,13374122703078418227,12941019929356624603,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
            • msedge.exe (PID: 6176 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE403.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/706c4b13" MD5: 69222B8101B0601CC6663F8381E7E00F)
              • msedge.exe (PID: 7324 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2076,i,5654214914569554567,17615992490036204996,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
            • wmprph.exe (PID: 3488 cmdline: "C:\Program Files\Windows Media Player\wmprph.exe" MD5: B4298167D12E6AC4618518E0B6326802)
              • dllhost.exe (PID: 6832 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
          • WerFault.exe (PID: 3808 cmdline: C:\Windows\system32\WerFault.exe -u -p 6636 -s 388 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • choice.exe (PID: 5288 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 7348 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/d0e2335e/706c4b13 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7772 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5876 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4356 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2824 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 760 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3088 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 5268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3964 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
No configs have been found
Source | Rule | Description | Author | Strings
0000000F.00000002.2347547624.000001B9B80D1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0000000F.00000003.1785387835.000001B9B7DC0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000E.00000003.1781088392.0000012FE9830000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |

Source | Rule | Description | Author | Strings
15.3.svchost.exe.1b9ba2b0000.5.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.3.Senegal.com.12febc90000.5.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.3.Senegal.com.12feb9b0000.4.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.3.Senegal.com.12febc90000.5.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
15.3.svchost.exe.1b9b9fd0000.4.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
                      Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 92.255.85.148, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 6832, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49755
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\H3G7Xu6gih.exe", ParentImage: C:\Users\user\Desktop\H3G7Xu6gih.exe, ParentProcessId: 6192, ParentProcessName: H3G7Xu6gih.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd, ProcessId: 6700, ProcessName: cmd.exe
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\378864\Senegal.com, ParentImage: C:\Users\user\AppData\Local\Temp\378864\Senegal.com, ParentProcessId: 6636, ParentProcessName: Senegal.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 1432, ProcessName: svchost.exe
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\378864\Senegal.com, ParentImage: C:\Users\user\AppData\Local\Temp\378864\Senegal.com, ParentProcessId: 6636, ParentProcessName: Senegal.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 1432, ProcessName: svchost.exe

                      HIPS / PFW / Operating System Protection Evasion

                      Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6700, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3192, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T14:55:43.431685+0100 | 2854824 | 2 | Potentially Bad Traffic | 185.147.124.244 | 2456 | 192.168.2.10 | 49726 | TCP
2024-12-18T14:55:55.959126+0100 | 2854824 | 2 | Potentially Bad Traffic | 185.147.124.244 | 2456 | 192.168.2.10 | 49748 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T14:54:41.117781+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49866 | TCP
2024-12-18T14:54:41.117781+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49872 | TCP
2024-12-18T14:55:17.961645+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.147.124.244 | 2456 | 192.168.2.10 | 49707 | TCP
2024-12-18T14:55:43.431685+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.147.124.244 | 2456 | 192.168.2.10 | 49726 | TCP
2024-12-18T14:55:55.959126+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 185.147.124.244 | 2456 | 192.168.2.10 | 49748 | TCP
2024-12-18T14:56:07.289584+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49755 | TCP
2024-12-18T14:56:14.584792+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49781 | TCP
2024-12-18T14:56:21.861128+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49797 | TCP
2024-12-18T14:56:29.109640+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49812 | TCP
2024-12-18T14:56:36.385723+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49829 | TCP
2024-12-18T14:56:43.659132+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.10 | 49849 | TCP

                      AV Detection

                      Source: H3G7Xu6gih.exeReversingLabs: Detection: 39%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.9% probability
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF4C7F460F0 CryptUnprotectData,15_3_00007DF4C7F460F0
                      Source: H3G7Xu6gih.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49755 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49781 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49797 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49812 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49829 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49849 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49866 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49872 version: TLS 1.2
                      Source: H3G7Xu6gih.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: kernel32.pdbUGP source: Senegal.com, 0000000E.00000003.1783094971.0000012FEBA70000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1783019309.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786629131.000001B9BA090000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786557279.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: Senegal.com, 0000000E.00000003.1782643664.0000012FEBBA0000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1782459766.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1786336454.000001B9BA1C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786164450.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: Senegal.com, 0000000E.00000003.1783094971.0000012FEBA70000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1783019309.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1786629131.000001B9BA090000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786557279.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: Senegal.com, 0000000E.00000003.1782643664.0000012FEBBA0000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1782459766.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786336454.000001B9BA1C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786164450.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmprph.exe, 00000023.00000003.2226301115.0000028A4F830000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2226260444.0000028A4F800000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmprph.exe, 00000023.00000003.2226301115.0000028A4F830000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2226260444.0000028A4F800000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A994CE3C GetFileAttributesW,FindFirstFileW,FindClose,14_2_00007FF7A994CE3C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A9912DE0 FindFirstFileExW,14_2_00007FF7A9912DE0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF4C7F40B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,15_3_00007DF4C7F40B80
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9945BC8 GetLogicalDriveStringsW,QueryDosDeviceW,14_2_0000012FE9945BC8
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\378864\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\378864Jump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 4x nop then dec esp35_2_0000028A4DD75681
                      Source: chrome.exeMemory has grown: Private usage: 1MB later: 21MB

                      Networking

                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.147.124.244:2456 -> 192.168.2.10:49707
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.147.124.244:2456 -> 192.168.2.10:49726
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 185.147.124.244:2456 -> 192.168.2.10:49748
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49755
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49797
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49781
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49812
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49829
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49849
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49866
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.10:49872
                      Source: global trafficTCP traffic: 192.168.2.10:49707 -> 185.147.124.244:2456
                      Source: Joe Sandbox ViewIP Address: 62.149.0.30 62.149.0.30
                      Source: Joe Sandbox ViewIP Address: 94.245.104.56 94.245.104.56
                      Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.147.124.244:2456 -> 192.168.2.10:49726
                      Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 185.147.124.244:2456 -> 192.168.2.10:49748
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.147.124.244
                      Source: global traffic | HTTP traffic detected:
                        GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                        Host: clients2.googleusercontent.com
                        Connection: keep-alive
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic | DNS traffic detected: DNS query: saUAIEVgZoURlhJFQUK.saUAIEVgZoURlhJFQUK
                      Source: global traffic | DNS traffic detected: DNS query: ntp.nict.jp
                      Source: global traffic | DNS traffic detected: DNS query: ts1.aco.net
                      Source: global traffic | DNS traffic detected: DNS query: time.google.com
                      Source: global traffic | DNS traffic detected: DNS query: ntp.time.in.ua
                      Source: global traffic | DNS traffic detected: DNS query: time.facebook.com
                      Source: global traffic | DNS traffic detected: DNS query: time.cloudflare.com
                      Source: global traffic | DNS traffic detected: DNS query: ntp1.net.berkeley.edu
                      Source: global traffic | DNS traffic detected: DNS query: time-a-g.nist.gov
                      Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: unknown | HTTP traffic detected:
                        POST /dns-query HTTP/1.1
                        Host: chrome.cloudflare-dns.com
                        Connection: keep-alive
                        Content-Length: 128
                        Accept: application/dns-message
                        Accept-Language: *
                        User-Agent: Chrome
                        Accept-Encoding: identity
                        Content-Type: application/dns-message
                      Source: svchost.exe, 0000000F.00000003.2107683147.000001B9BA631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2096994367.000001B9BA461000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0
                      Source: chrome.exe, 00000015.00000002.1990008300.00003D140228C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006503718.00003D1402774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2008982015.00003D1402BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006705264.00003D14027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1993124267.00003D140234C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1/
                      Source: chrome.exe, 00000015.00000002.2008982015.00003D1402BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006705264.00003D14027C4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1/_
                      Source: History.26.dr | String found in binary or memory: http://127.0.0.1/d0e2335e/706c4b13
                      Source: wmprph.exe, 00000023.00000002.2750834156.00007DF43C6DD000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257538988.0000028A4DF71000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257384013.0000028A4DF09000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:%u/json/list?t=%u
                      Source: wmprph.exe, 00000023.00000002.2750834156.00007DF43C6DD000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257538988.0000028A4DF71000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257384013.0000028A4DF09000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:%u/json/list?t=%u...
                      Source: wmprph.exe, 00000023.00000003.2257384013.0000028A4DF09000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:%u/json/list?t=%uws:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinit
                      Source: 000003.log3.26.dr | String found in binary or memory: http://127.0.0.1:8000/
                      Source: chrome.exe, 00000015.00000002.1987647089.000003B000238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006705264.00003D14027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1988151122.000003B0002F5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2011973033.000041A000254000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2009330148.00003D1402C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796
                      Source: chrome.exe, 00000015.00000002.2008982015.00003D1402BAC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e6387960(p
                      Source: chrome.exe, 00000015.00000002.2009216580.00003D1402C38000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796=
                      Source: chrome.exe, 00000015.00000002.2009216580.00003D1402C38000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796http://127.0.0.1:8000/d0e2335e/0e638796
                      Source: chrome.exe, 00000015.00000002.2010986010.00003D1402F74000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796inFrame
                      Source: chrome.exe, 00000015.00000002.2010986010.00003D1402F74000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796ination
                      Source: chrome.exe, 00000015.00000002.2010185787.00003D1402DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2009574386.00003D1402CA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796o
                      Source: chrome.exe, 00000015.00000002.2010986010.00003D1402F74000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796ppend
                      Source: chrome.exe, 00000015.00000002.2010986010.00003D1402F74000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/0e638796yPolicy
                      Source: History.26.dr | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/706c4b13
                      Source: History.26.dr | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/706c4b13/
                      Source: msedge.exe, 00000018.00000002.2064943513.000001F27C269000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/706c4b13User
                      Source: msedge.exe, 00000018.00000002.2064977652.000001F27C27C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/706c4b13es
                      Source: svchost.exe, 0000000F.00000003.2055724350.000001B9BA406000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:8000/d0e2335e/706c4b13msedge.exe
                      Source: svchost.exe, 0000000F.00000003.2096994367.000001B9BA461000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.01:
                      Source: svchost.exe, 0000000F.00000003.2107683147.000001B9BA631000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.01:8000/d0e2335e/706c4b13
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                      Source: chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                      Source: chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028353175.0000592C003C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: chrome.exe, 00000015.00000002.1993730556.00003D140240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                      Source: chrome.exe, 00000015.00000002.2006847206.00003D140280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globa
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globaH
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                      Source: H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                      Source: chrome.exe, 00000015.00000002.1992960208.00003D1402330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
                      Source: chrome.exe, 00000015.00000002.1989798914.00003D1402266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                      Source: msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://ocsp.digicert.com0
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://ocsp.digicert.com0A
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://ocsp.digicert.com0C
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://ocsp.digicert.com0X
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                      Source: chrome.exe, 00000015.00000002.2008832939.00003D1402B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                      Source: chrome.exe, 00000015.00000002.2008755114.00003D1402B20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                      Source: Senegal.comString found in binary or memory: http://www.autoitscript.com/autoit3/
                      Source: H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Senegal.com, 0000000B.00000000.1548491394.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp, Senegal.com, 0000000E.00000000.1715717205.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp, Pdas.0.dr, Senegal.com.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                      Source: H3G7Xu6gih.exeString found in binary or memory: http://www.digicert.com/CPS0
                      Source: chrome.exe, 00000015.00000002.2009014348.00003D1402BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
                      Source: svchost.exe, 0000000F.00000002.2346418545.00000004B97AC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2347996053.000001B9BA3AF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2347484343.000001B9B7FEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345766544.000001B9BA3AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345970375.000001B9B7FA3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2347346284.000001B9B7F05000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000023.00000002.2747691307.0000028A4E1E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://185.147.124.244:2456/b3ad89898301a3d857946a/r5p0n0t5.vxx0f
                      Source: svchost.exe, 0000000F.00000002.2347484343.000001B9B7FEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345970375.000001B9B7FA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://185.147.124.244:2456/b3ad89898301a3d857946a/r5p0n0t5.vxx0fSess
                      Source: svchost.exe, 0000000F.00000002.2347484343.000001B9B7FEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345970375.000001B9B7FA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://185.147.124.244:2456/b3ad89898301a3d857946a/r5p0n0t5.vxx0fSymb
                      Source: svchost.exe, 0000000F.00000003.1981086125.000001B9BA479000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010154520.00003D1402DD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: chrome.exe, 00000015.00000002.1993730556.00003D140240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                      Source: chrome.exe, 00000015.00000002.1990037460.00003D1402298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
                      Source: chrome.exe, 00000015.00000002.1989727669.00003D140220C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                      Source: chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                      Source: chrome.exe, 00000015.00000002.1993730556.00003D140240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                      Source: msedge.exe, 00000018.00000002.2095630485.0000592C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 00000018.00000002.2095630485.0000592C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: chrome.exe, 00000015.00000002.2007556362.00003D1402920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1997444315.00003D1402690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                      Source: chrome.exe, 00000015.00000002.2008664795.00003D1402AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006222704.00003D14026EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007398671.00003D14028D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                      Source: chrome.exe, 00000015.00000002.2008664795.00003D1402AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006222704.00003D14026EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007398671.00003D14028D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                      Source: chrome.exe, 00000015.00000002.2008664795.00003D1402AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006222704.00003D14026EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007398671.00003D14028D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                      Source: chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                      Source: chrome.exe, 00000015.00000002.1993730556.00003D140240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                      Source: msedge.exe, 00000018.00000002.2095630485.0000592C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: chrome.exe, 00000015.00000002.1996508564.00003D1402644000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.htmlY
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: chrome.exe, 00000015.00000002.1990037460.00003D1402298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                      Source: chrome.exe, 00000015.00000002.1990476949.00003D14022B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                      Source: chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                      Source: chrome.exe, 00000015.00000002.2007759365.00003D1402984000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1996508564.00003D1402644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007802867.00003D1402994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000015.00000002.1996508564.00003D1402644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007802867.00003D1402994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                      Source: chrome.exe, 00000015.00000002.2007759365.00003D1402984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
                      Source: chrome.exe, 00000015.00000002.2009014348.00003D1402BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                      Source: chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                      Source: chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/nC
                      Source: chrome.exe, 00000015.00000002.2008698204.00003D1402B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ww.google.com/
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.dr String found in binary or memory: https://www.autoitscript.com/autoit3/
                      Source: Senegal.com.2.dr String found in binary or memory: https://www.globalsign.com/repository/0
                      Source: H3G7Xu6gih.exe, 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp, H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Pdas.0.dr, Senegal.com.2.dr String found in binary or memory: https://www.globalsign.com/repository/06
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49755 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49781 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49797 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49812 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49829 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49849 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49866 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.10:49872 version: TLS 1.2
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                      Source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_25e1ea98-7
                      Source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_d52538ac-a
                      Source: Yara match File source: 15.3.svchost.exe.1b9ba2b0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Senegal.com.12febc90000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Senegal.com.12feb9b0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Senegal.com.12febc90000.5.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1b9b9fd0000.4.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Senegal.com.12feb9b0000.4.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1b9b9fd0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1b9ba2b0000.5.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Senegal.com PID: 6636, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: svchost.exe PID: 1432, type: MEMORYSTR
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F408CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Code function: 14_2_0000012FE99464C0 NtQuerySystemInformation,NtQuerySystemInformation,GetTokenInformation,CloseHandle,CloseHandle
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Code function: 14_2_0000012FE9945FA0 NtQueryInformationProcess
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Code function: 14_2_0000012FE9948AE0 NtQuerySystemInformation,malloc,NtQuerySystemInformation,K32GetProcessImageFileNameW
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E094 NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E150 NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E170 NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4F180 RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E25C NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4F32C NtAcceptConnectPort,free
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E3C8 NtAcceptConnectPort
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF4C7F4E3E8 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_3_00007DF43C661CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_3_00007DF43C661958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82EC8 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82E84 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82DDC NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82DAC NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82D80 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD8290C NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82A20 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD83158 NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_0000028A4DD82CAC NtAcceptConnectPort
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_00007DF43C6725D4 NtQuerySystemInformation,free,malloc,NtQuerySystemInformation
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Code function: 35_2_00007DF43C6C2E90 NtQuerySystemInformation,malloc,NtQuerySystemInformation
                      Source: C:\Windows\System32\dllhost.exe Code function: 38_2_0000026D8D213970 NtQuerySystemInformation
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe File created: C:\Windows\LikeClean
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe File created: C:\Windows\OclcChick
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\378864\Senegal.com 69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe Code function: String function: 004062A3 appears 56 times
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6636 -s 388
                      Source: H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAutoIt3.exeP vs H3G7Xu6gih.exe
                      Source: H3G7Xu6gih.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@95/253@18/14
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Code function: 14_2_00007FF7A9954124 GetLastError,FormatMessageW
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Code function: 14_2_00007FF7A994C46C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | Code function: 0_2_004024FB CoCreateInstance
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Code function: 14_2_00007FF7A995368C CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6762D459-1CB4.pma
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5956:120:WilError_03
                      Source: C:\Windows\System32\svchost.exe | Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-95c12ecb-5aeb-f01b56-e5ef7a6cddd6}
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | File created: C:\Users\user\AppData\Local\Temp\nsx2779.tmp
                      Source: H3G7Xu6gih.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Windows\SysWOW64\findstr.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | File read: C:\Users\desktop.ini
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                      Source: chrome.exe, 00000015.00000002.1986002947.00000207CE030000.00000002.00000001.00040000.00000014.sdmp, chrome.exe, 00000015.00000002.2006171231.00003D14026E1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: svchost.exe, 0000000F.00000003.2046898400.000001B9BA466000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1983476941.000001B9BA437000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2048309451.000001B9BA4C8000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1986038857.00000207CE045000.00000002.00000001.00040000.00000015.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: svchost.exe, 0000000F.00000003.2346220557.00007DF4C8023000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1891701474.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345875198.000001B9BB6A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2345489992.000001B9BB550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1892808350.000001B9BB1D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: H3G7Xu6gih.exe | ReversingLabs: Detection: 39%
                      Source: svchost.exe | String found in binary or memory: ext-ms-win-security-authz-helper-l1-1-0.dll
                      Source: svchost.exe | String found in binary or memory: api-ms-win-stateseparation-helpers-l1-1-0.dll
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | File read: C:\Users\user\Desktop\H3G7Xu6gih.exe
                      Source: unknown | Process created: C:\Users\user\Desktop\H3G7Xu6gih.exe "C:\Users\user\Desktop\H3G7Xu6gih.exe"
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 378864
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "TRIBUTEBOOTYSTANTIQUE" Flexible
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Shuttle + ..\Worcester + ..\Reservation + ..\Signed + ..\Vulnerability + ..\Choices + ..\Schemes + ..\Chambers + ..\Denied + ..\Elite + ..\Acute + ..\Vegas k
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Senegal.com k
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Process created: C:\Users\user\AppData\Local\Temp\378864\Senegal.com C:\Users\user\AppData\Local\Temp\378864\Senegal.com
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6636 -s 388
                      Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDACB.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/0e638796"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2464,i,13374122703078418227,12941019929356624603,262144 /prefetch:8
                      Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE403.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/706c4b13"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2076,i,5654214914569554567,17615992490036204996,262144 /prefetch:3
                      Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/d0e2335e/706c4b13
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4356 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2824 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3088 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3964 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:8
                      Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                      Source: C:\Program Files\Windows Media Player\wmprph.exe | Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: napinsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: pnrpnsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: wshbth.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: nlaapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: winrnr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wudfplatform.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: mswsock.dll
                      Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: H3G7Xu6gih.exeStatic file information: File size 1314244 > 1048576
                      Source: H3G7Xu6gih.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: kernel32.pdbUGP source: Senegal.com, 0000000E.00000003.1783094971.0000012FEBA70000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1783019309.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786629131.000001B9BA090000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786557279.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: Senegal.com, 0000000E.00000003.1782643664.0000012FEBBA0000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1782459766.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1786336454.000001B9BA1C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786164450.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: Senegal.com, 0000000E.00000003.1783094971.0000012FEBA70000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1783019309.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1786629131.000001B9BA090000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786557279.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: Senegal.com, 0000000E.00000003.1782643664.0000012FEBBA0000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1782459766.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786336454.000001B9BA1C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786164450.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmprph.exe, 00000023.00000003.2226301115.0000028A4F830000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2226260444.0000028A4F800000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmprph.exe, 00000023.00000003.2226301115.0000028A4F830000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2226260444.0000028A4F800000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: Senegal.com, 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, Senegal.com, 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 15.2.svchost.exe.1b9b7f39f00.2.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 15.2.svchost.exe.1b9b7f39f00.2.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 15.2.svchost.exe.1b9b7f0a5f0.0.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 15.2.svchost.exe.1b9b7f0a5f0.0.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_3_0000012FE9692924 push rsp; ret 14_3_0000012FE9692925
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A9907149 push rdi; ret 14_2_00007FF7A9907152
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A99076AD push rdi; ret 14_2_00007FF7A99076B4
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE99594BE push esi; ret 14_2_0000012FE99594C2
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9957BFE push esi; ret 14_2_0000012FE9957BFF
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE99576D1 push ecx; ret 14_2_0000012FE99576F8
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9955E68 push ebp; retf 14_2_0000012FE9955E8C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9955E8D push ebp; retf 14_2_0000012FE9955E8C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE995D61F push ebp; iretd 14_2_0000012FE995D620
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE995A558 push ds; retf 14_2_0000012FE995A56F
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9956B2D push ss; iretd 14_2_0000012FE9C4B197
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE995DAC3 pushad ; iretd 14_2_0000012FE9C84EAB
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE994D0E0 pushad ; retf 14_2_0000012FE994D0E1
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9943CC4 push E8000098h; ret 14_2_0000012FE9943CC9
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D851EE push edi; ret 15_3_000001B9B7D851F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D808F4 push cs; ret 15_3_000001B9B7D80953
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D808B2 push cs; ret 15_3_000001B9B7D80953
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D855CE push eax; retf 15_3_000001B9B7D855D1
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D853CE push esi; ret 15_3_000001B9B7D853D5
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001B9B7D852E0 pushad ; iretd 15_3_000001B9B7D852E6
                      Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 35_2_00007DF43C6A0BE7 push ebp; retf 35_2_00007DF43C6A0BE8
                      Source: C:\Windows\System32\dllhost.exeCode function: 38_2_0000026D8D210A1B pushad ; retf 38_2_0000026D8D210A1C
                      Source: C:\Windows\System32\dllhost.exeCode function: 38_2_0000026D8D2105CD pushad ; retf 38_2_0000026D8D2105CE

                      Persistence and Installation Behavior

                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\378864\Senegal.comJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98F4364 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,14_2_00007FF7A98F4364
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HOOKEXPLORER.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCESSLASSO.EXEWIRESHARK.EXEFIDDLER EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMUNITYDEBUGGER.EXEWINDUMP.EXEX64DBG.EXEX32DBG.EXEOLLYD
                      Source: Senegal.com, 0000000E.00000003.1781219452.0000012FE970F000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: REGMON.EXE
                      Source: Senegal.com, 0000000E.00000003.1781219452.0000012FE970F000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NS.EXEDUMPCAP.EXEDE4DOT.EXEHOOKEXPLORER.EXEILSPY.EXELORDPE.EXEDN:1T
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HACKER.EXEFILEMON.EXEREGMON.EXEWIND
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                      Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,38_2_0000026D8D212B70
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_14-80114
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comAPI coverage: 1.9 %
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A994CE3C GetFileAttributesW,FindFirstFileW,FindClose,14_2_00007FF7A994CE3C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A9912DE0 FindFirstFileExW,14_2_00007FF7A9912DE0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF4C7F40B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,15_3_00007DF4C7F40B80
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_0000012FE9945BC8 GetLogicalDriveStringsW,QueryDosDeviceW,14_2_0000012FE9945BC8
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98D5C44 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,14_2_00007FF7A98D5C44
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\378864\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\378864Jump to behavior
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696501413o
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696501413j
                      Source: svchost.exe, 0000000F.00000003.2345970375.000001B9B7FA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
                      Source: svchost.exe, 0000000F.00000002.2347112889.000001B9B7E50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@x
                      Source: dllhost.exe, 00000026.00000002.2747144337.0000026D8D3BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2345970375.000001B9B7FA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMCIDevSymbol
                      Source: svchost.exe, 0000000F.00000002.2347229226.000001B9B7E83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]en-USen-GBn
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000002.2347112889.000001B9B7E13000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000023.00000002.2747071738.0000028A4DED7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000026.00000002.2747144337.0000026D8D3BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696501413x
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                      Source: msedge.exe, 00000018.00000002.2064762704.000001F27C258000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - HKVMware20,11696501413]
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696501413s
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                      Source: chrome.exe, 00000015.00000002.1984027123.00000207C643E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZwGP
                      Source: svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                      Source: wmprph.exe, 00000023.00000002.2747071738.0000028A4DED7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp|
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                      Source: svchost.exe, 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696501413t
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.comVMware20,11696501413
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696501413f
                      Source: svchost.exe, 0000000F.00000003.2044962654.000001B9BA434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98F5A40 GetLastError,IsDebuggerPresent,OutputDebugStringW,14_2_00007FF7A98F5A40
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A99141A8 GetProcessHeap,14_2_00007FF7A99141A8
                      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A990AD08 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF7A990AD08
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A9918E74 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF7A9918E74
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98F566C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF7A98F566C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98F5850 SetUnhandledExceptionFilter,14_2_00007FF7A98F5850

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Program Files\Windows Media Player\wmprph.exe Memory allocated: C:\Windows\System32\dllhost.exe base: 26D8D210000 protect: page read and write
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtProtectVirtualMemory: Direct from: 0x7FF7A98D83B5
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtUnmapViewOfSection: Direct from: 0x7FF7A994C508
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtOpenFile: Direct from: 0x7FF7A994C37B
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtQuerySystemInformation: Direct from: 0x7FF7A98F4924
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtDelayExecution: Direct from: 0x7FF7A994DFD8
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtClose: Direct from: 0x7FF7A994C3CD
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtUnmapViewOfSection: Direct from: 0x7FF7A994C4BD
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtQuerySystemInformation: Direct from: 0x7FF7A994C4AD
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtProtectVirtualMemory: Direct from: 0x7FF7A98F8FF0
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtDelayExecution: Direct from: 0x7FF7A98E1C92
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtQueryAttributesFile: Direct from: 0x7FF7A994D642
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtClose: Direct from: 0x7FF7A994C5C7
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtQuerySystemInformation: Direct from: 0x7FF8418826A1
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtQueryInformationToken: Direct from: 0x7FF7A9963508
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com NtProtectVirtualMemory: Direct from: 0x7FF7A990B26C
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Memory written: C:\Users\user\AppData\Local\Temp\378864\Senegal.com base: 12FE9690000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Thread register set: target process: 6636
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Memory written: C:\Windows\System32\dllhost.exe base: 26D8D210000
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Memory written: C:\Windows\System32\dllhost.exe base: 7FF6F7FC14E0
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98D3B64 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,14_2_00007FF7A98D3B64
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A98F4364 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,14_2_00007FF7A98F4364
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 378864
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Shuttle + ..\Worcester + ..\Reservation + ..\Signed + ..\Vulnerability + ..\Choices + ..\Schemes + ..\Chambers + ..\Denied + ..\Elite + ..\Acute + ..\Vegas k
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Senegal.com k
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Process created: C:\Users\user\AppData\Local\Temp\378864\Senegal.com C:\Users\user\AppData\Local\Temp\378864\Senegal.com
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.com Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                      Source: C:\Program Files\Windows Media Player\wmprph.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A993DB9C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,14_2_00007FF7A993DB9C
                      Source: H3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A63000.00000004.00000020.00020000.00000000.sdmp, Senegal.com, 0000000B.00000000.1548386227.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp, Senegal.com, 0000000E.00000000.1715266395.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                      Source: Senegal.comBinary or memory string: Shell_TrayWnd
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A990FBB0 cpuid 14_2_00007FF7A990FBB0
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmprph.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF4C7F459B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,15_3_00007DF4C7F459B0
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A990BD88 GetSystemTimeAsFileTime,14_2_00007FF7A990BD88
                      Source: C:\Users\user\AppData\Local\Temp\378864\Senegal.comCode function: 14_2_00007FF7A9912290 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,14_2_00007FF7A9912290
                      Source: C:\Users\user\Desktop\H3G7Xu6gih.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805
                      Source: C:\Program Files\Windows Media Player\wmprph.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Wireshark.exe
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                      Source: svchost.exe, 0000000F.00000002.2347346284.000001B9B7F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regmon.exe

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 0000000F.00000002.2347547624.000001B9B80D1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000F.00000003.1785387835.000001B9B7DC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.1781088392.0000012FE9830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: svchost.exe, 0000000F.00000003.2059178516.000001B9B7F4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Qtum-Electrum\config
                      Source: svchost.exe, 0000000F.00000003.2058972545.000001B9BA3F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\config
                      Source: svchost.exe, 0000000F.00000003.2058972545.000001B9BA3F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: __concatjaxx
                      Source: svchost.exe, 0000000F.00000002.2347996053.000001B9BA3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                      Source: svchost.exe, 0000000F.00000002.2347996053.000001B9BA3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Exodus
                      Source: svchost.exe, 0000000F.00000002.2347286611.000001B9B7EEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\??\C:\Users\user\AppData\Roaming\GHISLER\wcx_ftp.ini
                      Source: chrome.exe, 00000015.00000002.1993997742.00003D1402484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: GCMKeyStore
                      Source: svchost.exe, 0000000F.00000002.2347229226.000001B9B7E83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\091tobv5.default-release\safebrowsing\google4Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfakJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\091tobv5.default-release\cache2Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\IconsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\IconsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\091tobv5.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\091tobv5.default-release\settingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                      Source: Yara match, File source: Process Memory Space: svchost.exe PID: 1432, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match, File source: 0000000F.00000002.2347547624.000001B9B80D1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000F.00000003.1785387835.000001B9B7DC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000E.00000003.1781088392.0000012FE9830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\System32\svchost.exe, Code function: 15_3_00007DF4C7F459B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 15_3_00007DF4C7F459B0
                      Source: C:\Program Files\Windows Media Player\wmprph.exe, Code function: 35_2_0000028A4DD7D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 35_2_0000028A4DD7D004
                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                      Execution: 11 Windows Management Instrumentation; 2 Native API; 2 Command and Scripting Interpreter; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                      Persistence: 1 DLL Side-Loading; 1 Create Account; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                      Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 413 Process Injection; RC Scripts; Startup Items; Scheduled Task/Job; At
                      Defense Evasion: 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 111 Masquerading; 1 Virtualization/Sandbox Evasion; 413 Process Injection
                      Credential Access: 1 OS Credential Dumping; 31 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                      Discovery: 2 System Time Discovery; 14 File and Directory Discovery; 27 System Information Discovery; 151 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 4 Process Discovery; 1 Application Window Discovery; 1 System Network Configuration Discovery; Network Sniffing
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                      Collection: 1 Archive Collected Data; 21 Data from Local System; 31 Input Capture; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                      Command and Control: 1 Ingress Tool Transfer; 21 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                      Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                      Behavior Graph ID: 1577524, Sample: H3G7Xu6gih.exe, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 100

                      Source | Detection | Scanner | Label | Link
                      H3G7Xu6gih.exe | 39% | ReversingLabs | Win32.Ransomware.Rhadamanthys |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Local\Temp\378864\Senegal.com | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Temp\Acute | 0% | ReversingLabs | |
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://127.0.0.1:%u/json/list?t=%u | 0% | Avira URL Cloud | safe |
                      http://127.01: | 0% | Avira URL Cloud | safe |
                      http://127.0.0.1:8000/d0e2335e/706c4b13msedge.exe | 0% | Avira URL Cloud | safe |
                      http://127.0.0.1:8000/ | 0% | Avira URL Cloud | safe |
                      http://crl.globa | 0% | Avira URL Cloud | safe |
                      http://127.0.0.1:8000/d0e2335e/706c4b13 | 0% | Avira URL Cloud | safe |
                      http://anglebug.com/5901rm | 0% | Avira URL Cloud | safe |
                      http://127.0.0.1:8000/d0e2335e/706c4b13es | 0% | Avira URL Cloud | safe |
                      http://127.01:8000/d0e2335e/706c4b13 | 0% | Avira URL Cloud | safe |
                                                                                        high
                                                                                        https://anglebug.com/7246chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://127.0.0.1:%u/json/list?t=%uwmprph.exe, 00000023.00000002.2750834156.00007DF43C6DD000.00000004.00000001.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257538988.0000028A4DF71000.00000004.00000020.00020000.00000000.sdmp, wmprph.exe, 00000023.00000003.2257384013.0000028A4DF09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://anglebug.com/7369chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://anglebug.com/7489chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://duckduckgo.com/?q=chrome.exe, 00000015.00000002.2008236237.00003D1402A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010185787.00003D1402DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://chrome.google.com/webstorechrome.exe, 00000015.00000002.1993997742.00003D1402484000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2094284959.0000592C0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://drive-daily-2.corp.google.com/manifest.json0.31.drfalse
                                                                                                    high
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000015.00000002.2010154520.00003D1402DD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=svchost.exe, 0000000F.00000003.1981086125.000001B9BA479000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.autoitscript.com/autoit3/XH3G7Xu6gih.exe, 00000000.00000003.1508262803.0000000002A79000.00000004.00000020.00020000.00000000.sdmp, Senegal.com, 0000000B.00000000.1548491394.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp, Senegal.com, 0000000E.00000000.1715717205.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp, Pdas.0.dr, Senegal.com.2.drfalse
                                                                                                          high
                                                                                                          https://issuetracker.google.com/161903006msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.ecosia.org/newtab/chrome.exe, 00000015.00000002.2009939576.00003D1402D7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://drive-daily-1.corp.google.com/manifest.json0.31.drfalse
                                                                                                                high
                                                                                                                https://drive-daily-5.corp.google.com/manifest.json0.31.drfalse
                                                                                                                  high
                                                                                                                  https://duckduckgo.com/favicon.icochrome.exe, 00000015.00000002.2010185787.00003D1402DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://127.01:svchost.exe, 0000000F.00000003.2096994367.000001B9BA461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000015.00000002.2007556362.00003D1402920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1997444315.00003D1402690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000015.00000002.2008664795.00003D1402AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006222704.00003D14026EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2007398671.00003D14028D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://anglebug.com/3078chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://anglebug.com/7553chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://anglebug.com/5375chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://anglebug.com/5371chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://anglebug.com/4722chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://m.google.com/devicemanagement/data/apichrome.exe, 00000015.00000002.1993730556.00003D140240C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://developer.chrome.com/extensions/external_extensions.html)chrome.exe, 00000015.00000002.1992960208.00003D1402330000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000015.00000002.2007556362.00003D1402920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1997444315.00003D1402690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://127.0.0.1/chrome.exe, 00000015.00000002.1990008300.00003D140228C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006503718.00003D1402774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2008982015.00003D1402BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2006705264.00003D14027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1993124267.00003D140234C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://anglebug.com/7556chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://chromewebstore.google.com/chrome.exe, 00000015.00000002.1989727669.00003D140220C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2095257080.0000592C0016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.31.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/5901rmchrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://drive-preprod.corp.google.com/manifest.json0.31.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://chrome.google.com/webstore/manifest.json.31.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://clients4.google.com/chrome-syncchrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000018.00000003.2027593712.0000592C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027378534.0000592C00268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2028226583.0000592C00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/6692chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://issuetracker.google.com/258207403msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://anglebug.com/3502chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://anglebug.com/3623msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/3625msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/3624msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/5007chrome.exe, 00000015.00000002.2010404188.00003D1402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978926015.00003D1402E38000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://chrome.google.com/webstore?hl=en-GBchrome.exe, 00000015.00000002.2009216580.00003D1402C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2009014348.00003D1402BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2008755114.00003D1402B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2008946715.00003D1402B94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1997444315.00003D14026B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1993562119.00003D14023AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3862chrome.exe, 00000015.00000003.1979993234.00003D1402CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979944793.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1978070175.00003D1402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010475626.00003D1402E60000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2027108272.0000592C00388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000015.00000002.2009284120.00003D1402C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979261357.00003D1402E78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2008397743.00003D1402A64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1979569420.00003D1402E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.2010506934.00003D1402E78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1993997742.00003D1402484000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
62.149.0.30 | ntp.time.in.ua | Ukraine | 15497 | COLOCALLInternetDataCenterColoCALLUA | false
94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
169.229.128.134 | ntp1.net.berkeley.edu | United States | 25 | UCBUS | false
129.6.15.28 | time-a-g.nist.gov | United States | 49 | US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS | false
129.134.25.123 | time.facebook.com | United States | 32934 | FACEBOOKUS | false
216.239.35.4 | time.google.com | United States | 15169 | GOOGLEUS | false
133.243.238.243 | ntp.nict.jp | Japan | 9355 | NICTNationalInstituteofInformationandCommunicationsTe | false
162.159.200.123 | time.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
92.255.85.148 | unknown | Russian Federation | 42097 | SOVTEL-ASRU | true
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.17.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
185.147.124.244 | unknown | Russian Federation | 20655 | E-STYLEISP-ASRU | true
                                                                                                                                                                                                                                      IP
                                                                                                                                                                                                                                      127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577524
Start date and time: 2024-12-18 14:53:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: H3G7Xu6gih.exe
renamed because original name is a hash value
Original Sample Name: 73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@95/253@18/14
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 81%
• Number of executed functions: 182
• Number of non-executed functions: 183
Cookbook Comments:
• Found application associated with file extension: .exe
                                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, Runtimeuserer.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.162.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 23.216.77.168, 23.216.77.154, 142.251.40.163, 142.250.65.195, 4.175.87.197, 92.122.16.236, 13.107.246.63, 23.44.136.133, 13.107.22.239
                                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, a2033.dscd.akamai.net, business.bing.com, clients.l.google.com, msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com, dual-a-0036.a-msedge.net
                                                                                                                                                                                                                                      • Execution Graph export aborted for target svchost.exe, PID 1432 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                      • VT rate limit hit for: H3G7Xu6gih.exe
Time | Type | Description
08:54:47 | API Interceptor | 1x Sleep call for process: H3G7Xu6gih.exe modified
08:55:59 | API Interceptor | 1x Sleep call for process: wmprph.exe modified
                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        UCBUSmipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                        • 169.229.133.17
                                                                                                                                                                                                                                                                        List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 169.229.128.134
                                                                                                                                                                                                                                                                        home.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                        • 169.229.176.114
                                                                                                                                                                                                                                                                        m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                        • 136.152.48.193
                                                                                                                                                                                                                                                                        wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 169.229.128.134
                                                                                                                                                                                                                                                                        xd.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 169.229.176.118
                                                                                                                                                                                                                                                                        wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 136.152.38.2
                                                                                                                                                                                                                                                                        la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 128.32.7.69
                                                                                                                                                                                                                                                                        la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 128.32.229.224
                                                                                                                                                                                                                                                                        mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 128.32.7.74
                                                                                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUSmain.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 20.233.83.145
                                                                                                                                                                                                                                                                        powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                        • 52.151.111.14
                                                                                                                                                                                                                                                                        loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 20.55.13.142
                                                                                                                                                                                                                                                                        loligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 40.92.162.115
                                                                                                                                                                                                                                                                        loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 20.173.233.245
                                                                                                                                                                                                                                                                        loligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                        • 20.183.227.19
                                                                                                                                                                                                                                                                        pyld611114.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 20.233.83.145
                                                                                                                                                                                                                                                                        Lu4421.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                                                                                                                                        • 20.233.83.145
                                                                                                                                                                                                                                                                        http://trackmail.info/QLTRG66TP4/offer/00248/811/iuk7x/b4q/41/32Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 52.170.203.157
                                                                                                                                                                                                                                                                        EXTERNALRe.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 52.182.143.210
                                                                                                                                                                                                                                                                        COLOCALLInternetDataCenterColoCALLUAizCOFC8OWh.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.249
                                                                                                                                                                                                                                                                        payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.30
                                                                                                                                                                                                                                                                        List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.30
                                                                                                                                                                                                                                                                        ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.30
                                                                                                                                                                                                                                                                        splmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 31.28.168.19
                                                                                                                                                                                                                                                                        download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.30
                                                                                                                                                                                                                                                                        wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.30
                                                                                                                                                                                                                                                                        http://pint77.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        • 62.149.0.249
                                                                                                                                                                                                                                                                        DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                        • 31.28.171.149
                                                                                                                                                                                                                                                                        DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                        • 31.28.171.149
                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        caec7ddf6889590d999d7ca1b76373b6List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        cXjy5Y6dXX.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        UGcjMkPWwW.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                        • 92.255.85.148
                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\378864\Senegal.comfile.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, LummaC StealerBrowse
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                                                SecuriteInfo.com.Win32.Malware-gen.8775.19492.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  O8scEm3rJN.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    KeyFormed.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      wWk9NkXYcL.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        eSLlhErJ0q.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                          7CTH165fQv.exeGet hashmaliciousLatrodectusBrowse
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):48212
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.095171693402655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:uDXzgWPsj/qlGJqIY8GB4xKTaGUXqgfbwDtm2N9zP9l6l+d8GPA1UQYqGwLWZkHC:u/Ps+wsI7yOKTWEZvzL6lP6qfyW0e6k4
                                                                                                                                                                                                                                                                                            MD5:0921C8A22A0714849101D4A17C686D97
                                                                                                                                                                                                                                                                                            SHA1:D99B19DCAB474A32FE07B1AC75ED4F26E3B1B0CE
                                                                                                                                                                                                                                                                                            SHA-256:44D3752E4C05B727F6F193627E8BC97D1DB8548D27E0AD49032704A8B40EEB75
                                                                                                                                                                                                                                                                                            SHA-512:A50526B86558859973DBB43CE69B859F3BC2D1B52B011799C668248F424DEB0FA7231594CDD0618E0795010167772C228F33BF0CE07AF812AFD3B3CD076C65A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530139"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):45642
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.088472025388447
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:9MkbJrT8IeQc5dKTaGUXqgfbwDt0nXUMEkANAXxYJCvoUQYqGwLWZkHUfG675:9Mk1rT8H1KTWEZ0XxQao6qfyW0e69
                                                                                                                                                                                                                                                                                            MD5:32EAA2EED384D2EA25D6D95A6881FBF0
                                                                                                                                                                                                                                                                                            SHA1:68426CF6C0051EF0C349AAFE55D1448C7E9A7C00
                                                                                                                                                                                                                                                                                            SHA-256:921453398FB728EEB6F91272F638AFD271613FC9445C84077EF4B5D2BB886A8D
                                                                                                                                                                                                                                                                                            SHA-512:BB88E3DA7B237625E95A1D0B5EB138A388383D71CB15FD9E64B46BBF36BBA206AD5F2D31A39EF5FD176173B021AC40F7529C010ADE9B08365540487B873B8279
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530139"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43978
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.091559729189705
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kWzUXqgfb/4tXLz40PhIUpQYqGwLWZkHUfG6kCvoZ:z/Ps+wsI7ynDst3FqfyW0e6kaoZ
                                                                                                                                                                                                                                                                                            MD5:5F2FF22DAC2A65716E8E89EBF77DEA72
                                                                                                                                                                                                                                                                                            SHA1:587AE62A2173300743BA1FBCC8BF024AAF0EFA1D
                                                                                                                                                                                                                                                                                            SHA-256:672F63F5441A1E29175DE03DC8F04872AD63A6B33CE7C9ABA3C338D486132174
                                                                                                                                                                                                                                                                                            SHA-512:8B6D251BFE7BA55EE43F7F03C5591F477668336D8F50A22690C9F4EDBFD84D70B963C9E55CC0A19B8B0CC4F2E3742890289F177C003FA0419463929B8B716BB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):44493
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.095803904387293
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4x4jdUXqgfbwDtmkXJREdUQYqGwLWZkHUfG6kCvoZ:z/Ps+wsI7yO44EZq6qfyW0e6kaoZ
                                                                                                                                                                                                                                                                                            MD5:780EC7A3FDD34415441D47241EEC9D18
                                                                                                                                                                                                                                                                                            SHA1:A5F582A3C3B4A31AF1F364171685EA46CAEF5760
                                                                                                                                                                                                                                                                                            SHA-256:FC1C209EF7071F967EE25C4ABFE2EBB52CCE9FB587FDC55972D12EBCCBAE486F
                                                                                                                                                                                                                                                                                            SHA-512:5F23CF9E68C25E1D0978372D300BD129100D253E14714B377B48523C1F5F01DFA6727AF4CCA2E3A4E313A75CB208F108D5FC78D0CC9197AFEAEBAE65A1905C49
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):107893
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                                                            MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                                                            SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                                                            SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                                                            SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.33532668626457585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Ri7nN0SyjGK9W0oGzhD7AXg1HFAaXkzFBAUdnzgdQTs5G4J:g7nAjoGzJ7AXaH3XgXd4QY5G4J
                                                                                                                                                                                                                                                                                            MD5:949910CF6020E01593BC7A9A1C0CFBE0
                                                                                                                                                                                                                                                                                            SHA1:E1C3D286E22FA3AD9A9BB20BC03E985B61843CB1
                                                                                                                                                                                                                                                                                            SHA-256:A223F435A4361E360B0E5459C8661EA9BAAE33FFDBD6226F6E73965C585B452A
                                                                                                                                                                                                                                                                                            SHA-512:E73AA4D4B874E43A3C328F44D03C5D5D1AF27A4569526B064C72A8F3ACF81BA5B49E2F313993914B0DC067B7D6E02BFDCB75CB28DC9ADB15C9244BA100AF8ED8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.23815307797958607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:QzR7AUhDflBMC8jbKBqle7EjzAwIQ0MdJLo12f95Z32TEwQ2ZlHVv8:kGUlByjI4k1sTw0
                                                                                                                                                                                                                                                                                            MD5:E511E5432469F182EDB703EAB9E51383
                                                                                                                                                                                                                                                                                            SHA1:8F62D6CFF9A0CF66B4C811E8687E8ABB90F39646
                                                                                                                                                                                                                                                                                            SHA-256:31599F53C55C393BD64E0E799335690EE9549F41A02075B461A2537FBC52CBB3
                                                                                                                                                                                                                                                                                            SHA-512:5701675A5A7A94F3773863C98B50F1774E837F0BB2DD893394B9B426A5038FE69DFE77C1E87807ED3A5006A9E4CD2BD34E8F06945D3E4A00889B928C946FE680
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.186405996455797
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:FiWWltlUkzpbazHSAS219jlV/TUqjNlWBVP/Sh/Jzv6cRBAVIGGgphVE7GC/Ollt:o1U6BaYIlWBVsJD6dpPhVeGC/O/
                                                                                                                                                                                                                                                                                            MD5:0D0C6A5A14BC2141201C32A1F7C87A09
                                                                                                                                                                                                                                                                                            SHA1:CA25216B59523CCC5DFAFB86D4B4D265A6B1BA53
                                                                                                                                                                                                                                                                                            SHA-256:78ECB5979E18356057D4F459FD12670B202B19E936991A6CCB9931429F732056
                                                                                                                                                                                                                                                                                            SHA-512:A75F19DDAF31A241EA098482ECE561FC94A33322365289161BDEE95BC4B6429989B32E15CBE6C150A2254AA1388BAF85746CFA7469137F4FBD03F76F7FAF77FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:sdPC....................i...|.@..s..."GTJZX6ysgheZqBTPXcKXA+Ak8runmRph4F61XypBFRM="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8963f191-f8e0-42ec-8449-d20a8242b3e6............
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10835
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.217299129654907
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:stMk4gsYQcDwIlN6xZRzkb3o88bV+FX/QAcyj93PPMKJ:stMOsYQcDwi4Z9bGvQpyj93
                                                                                                                                                                                                                                                                                            MD5:11E70D138B349C3AB3CAAEBDF57DA519
                                                                                                                                                                                                                                                                                            SHA1:AB1A4ED509F3C52B4145EFC7D28CB11CEC73B940
                                                                                                                                                                                                                                                                                            SHA-256:FABC956E5309CAD29AB298A2A26E947C467C79D6272A3F6837A713063492761A
                                                                                                                                                                                                                                                                                            SHA-512:61CFE10FE0B1A8FDE06EF5B11ACBE46582CE56570FA94AAF68FE7FB0789BC87B4749F371BF97126048BA6A2517C8DE3CFC9EB5C340F90006CBA235F8D040E5FC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003738625825","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003739641416","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):30079
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.568249255628685
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:GXWMxH7pLGLhlgWPf+fhP8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPTUiT1Zrwgphth:GXWMxBchlgWPf+fhPu1jaGTUe1qCth
                                                                                                                                                                                                                                                                                            MD5:8BFE91EAB034202DDAF3C1D54351E931
                                                                                                                                                                                                                                                                                            SHA1:59A2B4EE9D8D741FC7109D21FE9FF1AB988CDA90
                                                                                                                                                                                                                                                                                            SHA-256:DF8B47B3124BFBBE4E5BC93995121EE9D4092B3D3AA12508E9028481C7312DCD
                                                                                                                                                                                                                                                                                            SHA-512:48ADBAFB417010E8F8036D460B13E06FD1CF0491E382666F566BD82018497BF315CA2643CA5EB909B851904C335D9E7CB25BD9CF84410FDD33DD502CFE93CDAB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003738118652","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003738118652","location":5,"ma
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):24723
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.56837081781824
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:GXWMLgWPf+fhP8F1+UoAYDCx9Tuqh0VfUC9xbog/OVziT1ZrwYphtuN:GXWMLgWPf+fhPu1ja+e1q6tC
                                                                                                                                                                                                                                                                                            MD5:FA0DC88894293E1277E6AD7BB53445B7
                                                                                                                                                                                                                                                                                            SHA1:EB057AA8953CE62843B99190AD83CBB830DEC3D4
                                                                                                                                                                                                                                                                                            SHA-256:A9CF29A3613C7174C2088C15E76BDD5B9CF583E430181022236C4CF49B2B2AA4
                                                                                                                                                                                                                                                                                            SHA-512:63E356EF815AFA863268DFF5450A642C0C05053789E3D9D07E8822BEA35E5E3C6C6B56EA580E42C4DB6CFD9C1C1A62C3F7FBA402BC97D1C4BDC591B12DA9557C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003738118652","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003738118652","location":5,"ma
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
Malicious:false
Preview:.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):28236
Entropy (8bit):5.560231604758463
Encrypted:false
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003738118652","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003738118652","location":5,"ma
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):33
Entropy (8bit):3.5394429593752084
Encrypted:false
Malicious:false
Preview:...m.................DB_VERSION.1
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):303
Entropy (8bit):5.268097890336434
Encrypted:false
Malicious:false
Preview:2024/12/18-08:55:41.443 be8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/18-08:55:41.458 be8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):480588
Entropy (8bit):5.393641553014676
Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340972966846363.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.148816441912887
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQo+q2PFi23oH+Tcwt9Eh1tIFUt8ORQ7xXZmw+ORQxx3VkwOFi23oH+Tcwt9Ehx:729vdZYeb9Eh16FUt8O27d/+O2jF5wZw
                                                                                                                                                                                                                                                                                            MD5:AE74A9C680670872DF26DB6D0D62C92E
                                                                                                                                                                                                                                                                                            SHA1:E24E478671E47D29566B72B5457EE017DCCE0DD4
                                                                                                                                                                                                                                                                                            SHA-256:98F6D120CA385A27D6495F284F0A6289B915A6D62139F69775867999FED24DFE
                                                                                                                                                                                                                                                                                            SHA-512:30D6F166EDBA22D9992C2CEFD782C4678310DC9324AB26C062FA23F0364DFA1FB5F5862CA94C277F1504C0C5095C60E590ECBDE1F07A0D9E12AEE64C683FC4D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:43.411 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/18-08:55:43.412 1ab8 Recovering log #3.2024/12/18-08:55:43.418 1ab8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEM:/M/xT02z
                                                                                                                                                                                                                                                                                            MD5:6E951E9DE4C79D33B18FF4754AF435AF
                                                                                                                                                                                                                                                                                            SHA1:373BCD27D1C3EECB570DE326E46EDB784B4E7D7B
                                                                                                                                                                                                                                                                                            SHA-256:F28AA29122553EBB89ED4A3D459AE086D6B2B0AEC8C507CA70DC1B1B932A3148
                                                                                                                                                                                                                                                                                            SHA-512:F860B74D6852FA3415F871D1EC4A725E15BA8C5E41954241090BD99AAD471C9E4D61C75D6B70225E33BC688046B8C39C773F6C5FD86F093C71B238D8BDF82BBC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):344
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.245065999669842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFDE9+q2PFi23oH+TcwtnG2tMsIFUt8ORQF13JZmw+ORQF139VkwOFi23oH+TR:72Vi+vdZYebn9GFUt8O2fZ/+O2fNV5wL
                                                                                                                                                                                                                                                                                            MD5:F10C0EF2E0806BD6326BBEFDB74261B5
                                                                                                                                                                                                                                                                                            SHA1:23B0B57ED86C2BA6335CF6E8E9DFDC91C061E244
                                                                                                                                                                                                                                                                                            SHA-256:9BE44080146B620A5DACBFE569913BA5467FF4CA94DE8AC5F42A13A674E61AD3
                                                                                                                                                                                                                                                                                            SHA-512:FC0A0DB07AE6DE83029D350FBABEEDDD912D9D65A95B7623CB8806818B13EBA2B96636EA9FAF43A006419F82B9B5F005D294412BF260EEEEC5360F5ECC8A902C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.191 1fbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/18-08:55:42.192 1fbc Recovering log #3.2024/12/18-08:55:42.192 1fbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):320
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2078802800569335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQ3HFLjL+q2PFi23oH+Tcwt8aPrqIFUt8ORQ3nUKWZmw+ORQ3nCLVkwOFi23oHj:723HRL+vdZYebL3FUt8O23nTW/+O23n4
                                                                                                                                                                                                                                                                                            MD5:8D204A64F5D94FC4D2431AE98921E6FD
                                                                                                                                                                                                                                                                                            SHA1:C83FF61A2C85C338005B3E61508D9B6E63FF757A
                                                                                                                                                                                                                                                                                            SHA-256:2A8E648220BD5FC589AC6A63A4FE944BE9B203045BA954F7F20AA90613C0C56E
                                                                                                                                                                                                                                                                                            SHA-512:F5C6164B8A6A26CD1770AC1C850CAB97D00E1011EB0545E99E932DD17349BF0719D2CB13C0D6F9CEAF508CC0C156C783786B6ECDFB2E2C7814494CA0CAA8CCA0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:52.722 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/18-08:55:52.723 1ecc Recovering log #3.2024/12/18-08:55:52.723 1ecc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.232410929588573
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQ3DFHL+q2PFi23oH+Tcwt865IFUt8ORQ3DFRKWZmw+ORQ3DFHLVkwOFi23oH+v:723DRL+vdZYeb/WFUt8O23DqW/+O23D4
                                                                                                                                                                                                                                                                                            MD5:02EB61132449CF45A44BBEE81516E632
                                                                                                                                                                                                                                                                                            SHA1:B42B3A314DBF6A4DA3BEE1A5A53D0D48C9D95A0E
                                                                                                                                                                                                                                                                                            SHA-256:A2D978B1A8EACC31BF05D68AE0074A0944910AA49925DD9A85EACAEAEC1742AA
                                                                                                                                                                                                                                                                                            SHA-512:734BC47FE92673487879EEC70EED7C75AE87E8943979C6FB0EAD588A3E4F15F84E849DBC0E1481A24F0698D33A330B792506C1F2BF752CD4B8D0D560DC943BC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:52.726 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-08:55:52.726 1ecc Recovering log #3.2024/12/18-08:55:52.726 1ecc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.232410929588573
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQ3DFHL+q2PFi23oH+Tcwt865IFUt8ORQ3DFRKWZmw+ORQ3DFHLVkwOFi23oH+v:723DRL+vdZYeb/WFUt8O23DqW/+O23D4
                                                                                                                                                                                                                                                                                            MD5:02EB61132449CF45A44BBEE81516E632
                                                                                                                                                                                                                                                                                            SHA1:B42B3A314DBF6A4DA3BEE1A5A53D0D48C9D95A0E
                                                                                                                                                                                                                                                                                            SHA-256:A2D978B1A8EACC31BF05D68AE0074A0944910AA49925DD9A85EACAEAEC1742AA
                                                                                                                                                                                                                                                                                            SHA-512:734BC47FE92673487879EEC70EED7C75AE87E8943979C6FB0EAD588A3E4F15F84E849DBC0E1481A24F0698D33A330B792506C1F2BF752CD4B8D0D560DC943BC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:52.726 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-08:55:52.726 1ecc Recovering log #3.2024/12/18-08:55:52.726 1ecc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1254
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                            MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                            SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                            SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                            SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):320
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.220449750274111
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFuAMq2PFi23oH+Tcwt8NIFUt8ORQFuA9Zmw+ORQFVYkwOFi23oH+Tcwt8+eLJ:72HMvdZYebpFUt8O2H9/+O2PY5wZYeb2
                                                                                                                                                                                                                                                                                            MD5:C57083CDD9E5E838707F3EEB9CECD3AE
                                                                                                                                                                                                                                                                                            SHA1:D81E2F9358DC013C6B86818AF2545E215DCBBEB0
                                                                                                                                                                                                                                                                                            SHA-256:CA3E5252F5CD772C0450012AE55B83C1E82ED590E8231C88BA23DE2E17C3699F
                                                                                                                                                                                                                                                                                            SHA-512:38483BAD69004D43E54045C4493E8F5FB5553C6BCAF36E54FFA14CCDB00A9DE3F2FE02460E7EAB1E10FAB4F27A3147040B693DDFB7F39DDFB77EDB787DF7070D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.301 1f94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/18-08:55:42.301 1f94 Recovering log #3.2024/12/18-08:55:42.302 1f94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.001813661466975454
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEU:/M/xT02z
                                                                                                                                                                                                                                                                                            MD5:0DD594A879462DCB47BC3B8DC015FFA4
                                                                                                                                                                                                                                                                                            SHA1:E2954572BB9190BE0F2B34728F6EB8FC86778BEC
                                                                                                                                                                                                                                                                                            SHA-256:CEFED6B6816CEE6B6E6E3FDF59C9C7B9B20EB32A844E093A7BA55BF19965B643
                                                                                                                                                                                                                                                                                            SHA-512:324332F739ABBE952D64CBB7AC44A96BB3C350B2C3FC60CDE7FE38672E75E91940160545FA3D83E6EE3905E26FF8B861FE79D94D832CAB21183A3A3E52F47671
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):155648
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.5732349336382289
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:+7qgszspWyejzH+bDoYysX0IxQzpkHtpVJNlYDLjGQLBE3CeE0kE+SK:+7eQIhH+bDo3iN0p2TVJkXBBE3ybwK
                                                                                                                                                                                                                                                                                            MD5:B31B039DEA9479673AAA3C1DEC7A2D07
                                                                                                                                                                                                                                                                                            SHA1:7DDD6590AF85DE95D4A27B4E2F381CD29BBEDD6B
                                                                                                                                                                                                                                                                                            SHA-256:532261CF27F22C7B322A55859DD1F48FA27F20D28CE24B86DB92C6180BC05EE2
                                                                                                                                                                                                                                                                                            SHA-512:ECFAF1B5254AA449091655B1B42B6EACA23FF94EA7B95C7B8D777FC8D1EAEE74CD6D3AC69319E431CC02FFE2484E5A7C46E9763A446F493E16530AB13F65684C
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:SQLite format 3......@ .......&...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.201883473702796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFTaq2PFi23oH+Tcwt8a2jMGIFUt8ORQFTEpZmw+ORQFTGuGB7kwOFi23oH+Tg:72ovdZYeb8EFUt8O2G/+O2IuGZ5wZYek
                                                                                                                                                                                                                                                                                            MD5:0D42A75287C72FFE6775BE45E44C96F2
                                                                                                                                                                                                                                                                                            SHA1:3EFD5184C0B2BD002AB2A771F968EBAB4F4D2640
                                                                                                                                                                                                                                                                                            SHA-256:F8D9417AB97BEE6207590F207555F00E210F2E1995E8F5CD6223946D885219ED
                                                                                                                                                                                                                                                                                            SHA-512:BA72609F1CF158BC24FA9254337614960E18AA5729001FE459064C3248BC00B10CB01F63A08CBBC3A1D7D77C02BEA83F53BF931C82358A682104AFED47A74014
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.619 1cd0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:42.621 1cd0 Recovering log #3.2024/12/18-08:55:42.623 1cd0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):111
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                            MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                            SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                            SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                            SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                            MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                            SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                            SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                            SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):61
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                            MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                            SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                            SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                            SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.123601338821385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:stMk4gspQcP3CIlN6xykb3o88bV+FX/QAehy93bdMKJ:stMOspQcP3Ci4AbGvQrg9N
                                                                                                                                                                                                                                                                                            MD5:EB0B5D638BF0D0F0CE171E9C094ACE82
                                                                                                                                                                                                                                                                                            SHA1:2E3E0958BAE848F6B23DC1585E6D94BB1C91CC5B
                                                                                                                                                                                                                                                                                            SHA-256:818170445DCBD73C987AD584F5132CDA52429A62904F28AC5AAB82A939CBEBF5
                                                                                                                                                                                                                                                                                            SHA-512:35DE1DDAE77D017C4D0AB4D9A4351037F9D398970886EED46AD2B43915B48486BD22A6B165C5381E61FCBB8DFFF570DE0D5842EE601BA9BEDDD5D477943DBEA0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003738625825","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003739641416","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):24723
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.56837081781824
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:GXWMLgWPf+fhP8F1+UoAYDCx9Tuqh0VfUC9xbog/OVziT1ZrwYphtuN:GXWMLgWPf+fhPu1ja+e1q6tC
                                                                                                                                                                                                                                                                                            MD5:FA0DC88894293E1277E6AD7BB53445B7
                                                                                                                                                                                                                                                                                            SHA1:EB057AA8953CE62843B99190AD83CBB830DEC3D4
                                                                                                                                                                                                                                                                                            SHA-256:A9CF29A3613C7174C2088C15E76BDD5B9CF583E430181022236C4CF49B2B2AA4
                                                                                                                                                                                                                                                                                            SHA-512:63E356EF815AFA863268DFF5450A642C0C05053789E3D9D07E8822BEA35E5E3C6C6B56EA580E42C4DB6CFD9C1C1A62C3F7FBA402BC97D1C4BDC591B12DA9557C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003738118652","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003738118652","location":5,"ma
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.373755031531641
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:S85aEFljljljljlS7B/larlppVjp0IEEEER1EIappVjp/:S+a8ljljljljlSFCpzjP1opzjZ
                                                                                                                                                                                                                                                                                            MD5:77B5B3F20AD94FD9B550B04D68F2A932
                                                                                                                                                                                                                                                                                            SHA1:CDD06668D9FCD949ACD2D32597D257AF11059C08
                                                                                                                                                                                                                                                                                            SHA-256:00D5F293EF428C865DD96705BF614C498AEDDFBF16D015872867330D3D5AD891
                                                                                                                                                                                                                                                                                            SHA-512:1449BBA852DBD360C8BE02B9DF2A8B2D6EA1C572F8F2F129BF35131FCEE19F05237343EFCA17FD9E0FF45FE989B80A1294542573D03EB4738C012BC8E2F5EEAC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................4Y.d................next-map-id.1.Enamespace-1aa45bc9_0085_4c65_a533_08b373f23e40-http://127.0.0.1:8000/.0V.e................V.e................V.e................V.e................V.e....................S...............Enamespace-1aa45bc9_0085_4c65_a533_08b373f23e40-http://127.0.0.1:8000/
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):320
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.176485342763383
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQomlSq2PFi23oH+TcwtrQMxIFUt8ORQom7XZmw+ORQomHUxkwOFi23oH+Tcwtf:72DSvdZYebCFUt8O2hX/+O2xy5wZYebf
                                                                                                                                                                                                                                                                                            MD5:1D5A50FDDC2A4AE496514EDCAEF5507B
                                                                                                                                                                                                                                                                                            SHA1:D3659CDF500342E439C81572AAFDA0DDE42F82D1
                                                                                                                                                                                                                                                                                            SHA-256:CD3FF3A6476B61CF6903F65D41E73D68C08C3860730EF9154DD28CB0DA8A76F8
                                                                                                                                                                                                                                                                                            SHA-512:9D920379686A1E4730364008E28C22A61D1C8E02ABC85C63C6C88C71F33B61EB539D2BCAF752B949C3B4432BC433BDC928AD186BAABCE1244EEDC00683EE525B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:38.921 1ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-08:55:38.923 1ee4 Recovering log #3.2024/12/18-08:55:38.928 1ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):320
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.176485342763383
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQomlSq2PFi23oH+TcwtrQMxIFUt8ORQom7XZmw+ORQomHUxkwOFi23oH+Tcwtf:72DSvdZYebCFUt8O2hX/+O2xy5wZYebf
                                                                                                                                                                                                                                                                                            MD5:1D5A50FDDC2A4AE496514EDCAEF5507B
                                                                                                                                                                                                                                                                                            SHA1:D3659CDF500342E439C81572AAFDA0DDE42F82D1
                                                                                                                                                                                                                                                                                            SHA-256:CD3FF3A6476B61CF6903F65D41E73D68C08C3860730EF9154DD28CB0DA8A76F8
                                                                                                                                                                                                                                                                                            SHA-512:9D920379686A1E4730364008E28C22A61D1C8E02ABC85C63C6C88C71F33B61EB539D2BCAF752B949C3B4432BC433BDC928AD186BAABCE1244EEDC00683EE525B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:38.921 1ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-08:55:38.923 1ee4 Recovering log #3.2024/12/18-08:55:38.928 1ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1307
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5040131052826284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:3v6u60hLlXWX3fsFONkF0yo1dD0FSqqOQfhP:3D63fs6kKj04L1
                                                                                                                                                                                                                                                                                            MD5:9B9C7F351F12171466E5A4EF2A173745
                                                                                                                                                                                                                                                                                            SHA1:2BAA6E2604F011175650D30251E950DFEAE06DDE
                                                                                                                                                                                                                                                                                            SHA-256:02B75DC28CBA6B28D74FBDEB95C28D4B8661750CDAED311EBCA5550D8608FCA8
                                                                                                                                                                                                                                                                                            SHA-512:5B1A18847510085592F673B87B7A1F90C0463D8DE4C82465CFC96E00157430BE427C7BC5874BDF7DF972BCFE01E29D308EEEFB250A156EFA8C8C92D0AA105F94
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:SNSS..........d..............d......"...d..............d..........d..........d..........d....!.....d..................................d...d1..,......d$...1aa45bc9_0085_4c65_a533_08b373f23e40......d..........d...... ...........d......d..........................d..........................d....A..<......d....'...http://127.0.0.1:8000/d0e2335e/706c4b13.............!...x..................................................................................................._A..)..`A..).. .......8...............0.......................................................V...'...h.t.t.p.:././.1.2.7...0...0...1.:.8.0.0.0./.d.0.e.2.3.3.5.e./.7.0.6.c.4.b.1.3...................................8.......0.......8....................................................................... .......................................................P...$...e.e.7.1.b.2.8.e.-.4.e.e.8.-.4.e.0.f.-.b.9.1.c.-.0.e.f.a.7.0.c.1.d.f.4.3.................P...$...1.1.4.d.4.3.7.a.-.d.d.c.c.-.4.f.a.1.-.b.3.2.5.-.2.e.d.f.a.7.1.6.8.a.a
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):865
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9591164002900436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:3nGTjllKlqgmFcD/MTD0aPA1tltDGuB7ZymEND6QOmWZkZWglMTrElngmFcc:3nElKkF0E/fo1dDBBodI8WZI2QlFD
                                                                                                                                                                                                                                                                                            MD5:599CD57BFBF4CCCB7EC3CCCBDE1B7D75
                                                                                                                                                                                                                                                                                            SHA1:67865601EA7C8110B7CC46A5A6C7982A1539F25D
                                                                                                                                                                                                                                                                                            SHA-256:48E8289137EC5FBF929BEA7CA902A17339FC899D4682FF30D5AE99A384789901
                                                                                                                                                                                                                                                                                            SHA-512:96F4EC2BAE14D51129DDF843E99E0C514999FD5D40CE086ABA1F4E2DAB6B63A02095B5FDD5B5B01814D9D91A6AC200076A2561C91741B1F398804E7A38B65136
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:SNSS..........d......X."./.A..<......d....'...http://127.0.0.1:8000/d0e2335e/706c4b13.............!...x..................................................................................................._A..)..`A..).. .......8...............0.......................................................V...'...h.t.t.p.:././.1.2.7...0...0...1.:.8.0.0.0./.d.0.e.2.3.3.5.e./.7.0.6.c.4.b.1.3...................................8.......0.......8....................................................................... .......................................................P...$...e.e.7.1.b.2.8.e.-.4.e.e.8.-.4.e.0.f.-.b.9.1.c.-.0.e.f.a.7.0.c.1.d.f.4.3.................P...$...1.1.4.d.4.3.7.a.-.d.d.c.c.-.4.f.a.1.-.b.3.2.5.-.2.e.d.f.a.7.1.6.8.a.a.e.................'...http://127.0.0.1:8000/d0e2335e/706c4b13......oW."./..................oW."./..........oW."./................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                            MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):348
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.166294892786803
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFWZq2PFi23oH+Tcwt7Uh2ghZIFUt8ORQFxUjZZmw+ORQFxUjzkwOFi23oH+T8:72gvdZYebIhHh2FUt8O2DUjZ/+O2DUjv
                                                                                                                                                                                                                                                                                            MD5:586C986A227C93E0DE820BB6AAF9644D
                                                                                                                                                                                                                                                                                            SHA1:872D2C1431D82C0CE369B47B1E8C7C469584BE10
                                                                                                                                                                                                                                                                                            SHA-256:FD3F214360A0DE307F951D3288978427478DC4F792279E271848B022BF5A31D1
                                                                                                                                                                                                                                                                                            SHA-512:0C4A8EAB9ABA62C871D6FAF040924FBFF10C72B3A58DE30DB60BAC6EF2D798ED4CD40FE233049664C7E47C9E2545D4E5BC319C5DB5CC3990EE9D24423A9391D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.147 1cf4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-08:55:42.148 1cf4 Recovering log #3.2024/12/18-08:55:42.148 1cf4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):430
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2415919190354865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:721mvdZYebvqBQFUt8O23/+O2I5wZYebvqBvJ:7hbYebvZg8O6tgYebvk
                                                                                                                                                                                                                                                                                            MD5:9CB1EC2A28644EE6135D0C4635DF8805
                                                                                                                                                                                                                                                                                            SHA1:371F55E26B42FE66DA954C143CEB2AEC9AD218EF
                                                                                                                                                                                                                                                                                            SHA-256:463050AD018FDF097D6C54AFD588F417614CCEB6128F07284C3DF6389718B1C5
                                                                                                                                                                                                                                                                                            SHA-512:91B71B719B4B6C6689DE4CCA4FD797DA5F630798C5E9058A712EB8AC177F96B81C3A423B0362D11959C8C789379D920054B6ACD4D7608BA21FDAB2D02B26FACC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:38.913 1f10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:38.919 1f10 Recovering log #3.2024/12/18-08:55:38.950 1f10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):430
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2415919190354865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:721mvdZYebvqBQFUt8O23/+O2I5wZYebvqBvJ:7hbYebvZg8O6tgYebvk
                                                                                                                                                                                                                                                                                            MD5:9CB1EC2A28644EE6135D0C4635DF8805
                                                                                                                                                                                                                                                                                            SHA1:371F55E26B42FE66DA954C143CEB2AEC9AD218EF
                                                                                                                                                                                                                                                                                            SHA-256:463050AD018FDF097D6C54AFD588F417614CCEB6128F07284C3DF6389718B1C5
                                                                                                                                                                                                                                                                                            SHA-512:91B71B719B4B6C6689DE4CCA4FD797DA5F630798C5E9058A712EB8AC177F96B81C3A423B0362D11959C8C789379D920054B6ACD4D7608BA21FDAB2D02B26FACC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:38.913 1f10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:38.919 1f10 Recovering log #3.2024/12/18-08:55:38.950 1f10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                            MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                            SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                            SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                            SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                            MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                            SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                            SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                            SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):80
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                            MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                            SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                            SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                            SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.224239414404964
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:72/DAvdZYebvqBZFUt8O2/n/+O2/Z75wZYebvqBaJ:7CObYebvyg8OC7CDgYebvL
                                                                                                                                                                                                                                                                                            MD5:6CA33D8A0D721E61FD9C9489923C02F4
                                                                                                                                                                                                                                                                                            SHA1:BAEBE3C840DE82B6F6CDD2701136D89EA20FE88B
                                                                                                                                                                                                                                                                                            SHA-256:DC19D4AD9A4CEBA34F7A47E4E49A622AC78E493AE2DD8FCDB1AD4CC725818FBE
                                                                                                                                                                                                                                                                                            SHA-512:E6483BA628E3962D5E6C7686A86D6E6DFCF30FDD24FD015AF9E79F0368C5285642AAA1C67E84CAD50B17D111CCCB851253CBCB7608EDAADE7397C1E1077682FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:40.062 1f10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-08:55:40.064 1f10 Recovering log #3.2024/12/18-08:55:40.068 1f10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2689837812982505
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFWDxq2PFi23oH+TcwtpIFUt8ORQFxA9Zmw+ORQFxAPkwOFi23oH+Tcwta/WLJ:72qxvdZYebmFUt8O2DA9/+O2DAP5wZYM
                                                                                                                                                                                                                                                                                            MD5:4C212C163F7756F5893CA627AA5BC58B
                                                                                                                                                                                                                                                                                            SHA1:353532B5CF7F418015E53249EF68C32A0E23C23D
                                                                                                                                                                                                                                                                                            SHA-256:E477222B89488B6C285C4CB42DD067C53F9325A1408B45F865F68843B5826C62
                                                                                                                                                                                                                                                                                            SHA-512:ED9ABC0B6578C45FD29E0AADCB8D0E9B1306E59A448D6ACD8FF9A6B85F6B17BDA939F8631EB0284EE5B5A5663978950574FAC83E31D770D3CFB3E3D116EFC44E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.147 1f94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-08:55:42.148 1f94 Recovering log #3.2024/12/18-08:55:42.148 1f94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2689837812982505
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFWDxq2PFi23oH+TcwtpIFUt8ORQFxA9Zmw+ORQFxAPkwOFi23oH+Tcwta/WLJ:72qxvdZYebmFUt8O2DA9/+O2DAP5wZYM
                                                                                                                                                                                                                                                                                            MD5:4C212C163F7756F5893CA627AA5BC58B
                                                                                                                                                                                                                                                                                            SHA1:353532B5CF7F418015E53249EF68C32A0E23C23D
                                                                                                                                                                                                                                                                                            SHA-256:E477222B89488B6C285C4CB42DD067C53F9325A1408B45F865F68843B5826C62
                                                                                                                                                                                                                                                                                            SHA-512:ED9ABC0B6578C45FD29E0AADCB8D0E9B1306E59A448D6ACD8FF9A6B85F6B17BDA939F8631EB0284EE5B5A5663978950574FAC83E31D770D3CFB3E3D116EFC44E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.147 1f94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-08:55:42.148 1f94 Recovering log #3.2024/12/18-08:55:42.148 1f94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):131072
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0033253984321705075
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:ImtVufb0F/JHqGLXl:IiVuzEk
                                                                                                                                                                                                                                                                                            MD5:2BB849C76B5F272A9D18D09DC6BD3143
                                                                                                                                                                                                                                                                                            SHA1:D0F6ED93FC1AE0AFD4EF03745465A7CE5635315A
                                                                                                                                                                                                                                                                                            SHA-256:ECBBAEF37F4B29D9C4300FC7978238FB75C2B8BCB977DB164C4956BF49E46DF4
                                                                                                                                                                                                                                                                                            SHA-512:2D3649837C56CDD97BAFDA8445CEA10CBA26088B1ADAE7A63030A9611EA8DEC2C019AC5B522C96AD8CA22FA6560623DEF25C5E38DE84ED44BB9085D3E4D8B1ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:VLnk.....?.......~W.(..H................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2650551376737138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8/2qOB1nxCkMkSAELyKOMq+8wH0hLUZsrhVum7:Bq+n0Jk9ELyKOMq+8I0hAOJ
                                                                                                                                                                                                                                                                                            MD5:F376F91000D0CB72E659FEAB02A550B4
                                                                                                                                                                                                                                                                                            SHA1:FC3478261A5286B6488B1AA5E6819A47AE9B6E00
                                                                                                                                                                                                                                                                                            SHA-256:5EBCA33BA5ECB2045488286D0ECC4FAA10DA8FA4FAF53E36937F9B3E144256C9
                                                                                                                                                                                                                                                                                            SHA-512:31CF48BF1320EA1805AE8A49E42F02D4C8ED49832ACC94DF37ED21A99B89A8D9EFB9801AE1239079F8FE452AF604D62F1680FF09A5DBDCB6C1CCC1E10E04E0EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11755
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10077
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.126166311931442
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:stMk4gsYQcDwIlN6xykb3o88bV+FX/QAehy93PPMKJ:stMOsYQcDwi4AbGvQrg93
                                                                                                                                                                                                                                                                                            MD5:02AE2B619F17DAC1E67295A2AE857284
                                                                                                                                                                                                                                                                                            SHA1:627DD475EB0F39C3DFE3DFE2AE52C32C756AA01A
                                                                                                                                                                                                                                                                                            SHA-256:CE40B2B02EA1DA42011AE249C3447ABBC7408C1B342AB04DF37FD0406F205B5A
                                                                                                                                                                                                                                                                                            SHA-512:4999AB94762B30E5B626A9E6CD15387BD2BFF95DE78128F82C8361404188A01E258EB002149546FA73796F51C068FE77E7995BA7F4DAF279B0DA89031F3FA7E2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003738625825","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003739641416","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.123601338821385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:stMk4gspQcP3CIlN6xykb3o88bV+FX/QAehy93bdMKJ:stMOspQcP3Ci4AbGvQrg9N
                                                                                                                                                                                                                                                                                            MD5:EB0B5D638BF0D0F0CE171E9C094ACE82
                                                                                                                                                                                                                                                                                            SHA1:2E3E0958BAE848F6B23DC1585E6D94BB1C91CC5B
                                                                                                                                                                                                                                                                                            SHA-256:818170445DCBD73C987AD584F5132CDA52429A62904F28AC5AAB82A939CBEBF5
                                                                                                                                                                                                                                                                                            SHA-512:35DE1DDAE77D017C4D0AB4D9A4351037F9D398970886EED46AD2B43915B48486BD22A6B165C5381E61FCBB8DFFF570DE0D5842EE601BA9BEDDD5D477943DBEA0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003738625825","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003739641416","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):45056
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4595367335010525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:TSWUYP5/ZrK/AxH1Aj5sAFWZmasamfDsCBjy8UutvZK+vwTxcI5fc:TnUYVAKAFXX+ivo+vEcEc
                                                                                                                                                                                                                                                                                            MD5:6F79C5D5B75695FF5EB071EC9EF6FD7E
                                                                                                                                                                                                                                                                                            SHA1:66E90D61EFE81C0613C735B483288605D9A2EBFB
                                                                                                                                                                                                                                                                                            SHA-256:2D8D5FD5C8B14F017B001BBFBEDFEF851A53C5FF22CD198585430A449E7086B4
                                                                                                                                                                                                                                                                                            SHA-512:90910C0165896FCDD3A5EE3B4EA5C13CD2ACEC199DFAB261AED6AA39BAC0FB7431492D13E105C3239D4C42FA5CA2A5266235AEDD805107244EADDE0FA3E355C5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.05403997541350966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:GtStutVLBiltStutVLBBR9XjhslotGLNl0ml/Vl/XoQXEl:MtVLBilztVLBBL1EjVl/PvoQ
                                                                                                                                                                                                                                                                                            MD5:21356AEA6838FBC4CB068C317905F331
                                                                                                                                                                                                                                                                                            SHA1:D198246B8AE7E7AEBDFB47D114C302D21EF70FF8
                                                                                                                                                                                                                                                                                            SHA-256:312149C787CC98876ADE745C817279E6FC3AC93FEB84E1F21450A93740629935
                                                                                                                                                                                                                                                                                            SHA-512:F7EB1A2AF5D1647A34B4A7D8EE4B5E5ECAE6CC29E51F76949F0BA7A04487439C770A01ADAA35A84533350060D27C4FD6C3CCD29914708E6CFC13DE57AEF09430
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):86552
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.8710758096755215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YAzxqlO+AcbX+6n9VAKAFXX+812VAKAFXX+WQxOqVAKAFXX+PvnUYVAKAFXX+DPv:1xCKrNsGNshO5NsPuNsDPhKvpvk
                                                                                                                                                                                                                                                                                            MD5:A5E3917D388666A7D950695949B80D29
                                                                                                                                                                                                                                                                                            SHA1:5F1EB7B8C42BC79910C5511FAAD63A83E5F90F15
                                                                                                                                                                                                                                                                                            SHA-256:16E4842D1BCD7A344F3F067F56E7A3B6FB93B6FC38CD9B83DCBA643E6CF1366A
                                                                                                                                                                                                                                                                                            SHA-512:77A8A32C6580632F2D0F0928C007FC6E278F521F3F4A359D234BF9EABAD65D67CEA9472EF78E72D26733592E176CF97BD2B3F3CDE9F993D253B6B7E74F7D5A67
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):495
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.480320280688436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/XntM+1l3sedhOnQyOuuuuuuuuuuuuuuuuXl4sedhOv:dlc8CdOuuuuuuuuuuuuuuuuXlh8y
                                                                                                                                                                                                                                                                                            MD5:3E407B635B1081E00C8A7F45A2600CC9
                                                                                                                                                                                                                                                                                            SHA1:A26AD5AD8AA8DD669F09EE958BF274BC95455537
                                                                                                                                                                                                                                                                                            SHA-256:6AFBCA943B2C5F7BF39B03D817DB289F543FD8E662F35B1DC4AE045B01FECA97
                                                                                                                                                                                                                                                                                            SHA-512:58B0906204857CA046C52296B1F0FDAB34D12602B689166619C76722A9606A137BBE2416FF69DF521C5FC0FBFA208C3810BB896C4C1BEE887306BD576B81AE75
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):320
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.239605652160921
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFZ3+q2PFi23oH+TcwtfrK+IFUt8ORQFbXZmw+ORQFy3VkwOFi23oH+TcwtfrF:72fOvdZYeb23FUt8O2x/+O2M5wZYeb3J
                                                                                                                                                                                                                                                                                            MD5:94B8809D1E84B8AF874E5BD2FA5EE0F0
                                                                                                                                                                                                                                                                                            SHA1:7DE8613A8B74D0B4579EC33C27D23DC835C1EBA0
                                                                                                                                                                                                                                                                                            SHA-256:21C92DFB67587D13792917F79C27E73A4844E1F8DFDB01A0E23F316C056032D5
                                                                                                                                                                                                                                                                                            SHA-512:5936DB0EF6BE28ADDA7CEB3C36E37F1E95B5C11EDC263D156F7D719709DADC4F80092067B9E4A11EA3437EC65C1A2FDD9CE56EC7FE28A3CAD26D205337DC00A9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.310 1fa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/18-08:55:42.312 1fa8 Recovering log #3.2024/12/18-08:55:42.319 1fa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):787
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                            MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                            SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                            SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                            SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):338
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.243518896098638
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:7RQFe+q2PFi23oH+TcwtfrzAdIFUt8ORQFYcZmw+ORQFYcVkwOFi23oH+Tcwtfrm:721vdZYeb9FUt8O2r/+O2h5wZYeb2J
                                                                                                                                                                                                                                                                                            MD5:C9F3984558234851F9CA70284B38D31E
                                                                                                                                                                                                                                                                                            SHA1:6036C20B18913C9395BEE37865BB469397B794AF
                                                                                                                                                                                                                                                                                            SHA-256:88EEA03F26C123058D5E069904E039D8E522B7632A62C88E38BB585B1813F23D
                                                                                                                                                                                                                                                                                            SHA-512:2205A108BE7A7E5D3207CBA8EDA3712E505F4EAB454D32D1DE9B3CA1C9D88F7C88F96365600250E733923CC87FAB34C2B531C8744BE630513604683261DC6FCA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2024/12/18-08:55:42.306 1fa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/18-08:55:42.307 1fa8 Recovering log #3.2024/12/18-08:55:42.307 1fa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEdd+ll:/M/xT02zI+l
                                                                                                                                                                                                                                                                                            MD5:D6BCCA5E40910A2274FDA74C3FED7949
                                                                                                                                                                                                                                                                                            SHA1:C1795ADA88C6735D0D5E0A33DFBDAB7CF79CC276
                                                                                                                                                                                                                                                                                            SHA-256:58D5EBBAC70F23265407E94190C358EBE74E782540289D2D5BD17EB998A9ADB6
                                                                                                                                                                                                                                                                                            SHA-512:84157C619E4F69E317E56A28BAEDEF6CCBA7F3FF2B1A18108BDBA594116B03CFE62C779AA4C069EECF4E82572C77EB0CC23BC2AC338C56870EC08A8683E3B2A3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE89ll:/M/xT02zfl
                                                                                                                                                                                                                                                                                            MD5:D2CF0A07E871CA9263E97284BCCE5FFF
                                                                                                                                                                                                                                                                                            SHA1:5BDE4D3E6F17B58988A9DC3C96A5CD3A9907E9F1
                                                                                                                                                                                                                                                                                            SHA-256:7BAD3D2C997A915875A8A45307C6BD9917E110749A28DE21D465166834F59718
                                                                                                                                                                                                                                                                                            SHA-512:78B711D4679CD7F2586F77DA0C47B0C15A9DCA87F5B0AF9185C5D06A1D1E16B65720CAE90A107AACFC66F455DFB370723B225AC62981ECAD99CF7346B7CB2214
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):120
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43978
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.091559729189705
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kWzUXqgfb/4tXLz40PhIUpQYqGwLWZkHUfG6kCvoZ:z/Ps+wsI7ynDst3FqfyW0e6kaoZ
                                                                                                                                                                                                                                                                                            MD5:5F2FF22DAC2A65716E8E89EBF77DEA72
                                                                                                                                                                                                                                                                                            SHA1:587AE62A2173300743BA1FBCC8BF024AAF0EFA1D
                                                                                                                                                                                                                                                                                            SHA-256:672F63F5441A1E29175DE03DC8F04872AD63A6B33CE7C9ABA3C338D486132174
                                                                                                                                                                                                                                                                                            SHA-512:8B6D251BFE7BA55EE43F7F03C5591F477668336D8F50A22690C9F4EDBFD84D70B963C9E55CC0A19B8B0CC4F2E3742890289F177C003FA0419463929B8B716BB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEidKlll:/M/xT02zXI/
                                                                                                                                                                                                                                                                                            MD5:A888DCD4DD5B4C292A6220081770396E
                                                                                                                                                                                                                                                                                            SHA1:09E215C83B8059AEF6EB127BC1B05DADB8247902
                                                                                                                                                                                                                                                                                            SHA-256:C3A5421EFAEC3C97B3F74899D752F9FCCF1E5C47FB12335B0938498426CD67E9
                                                                                                                                                                                                                                                                                            SHA-512:C47540BBD708FAD45FA7FE20E82FA05A6870D8B483FC483D6354820683A0DBE0B085C3CD1D91CC3236DFAEF2A28794C6DCD4BE72D4FCD27F7C7CA99BAD2A2E1F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):86
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                            MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                            SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                            SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                            SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):48212
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.095171693402655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:uDXzgWPsj/qlGJqIY8GB4xKTaGUXqgfbwDtm2N9zP9l6l+d8GPA1UQYqGwLWZkHC:u/Ps+wsI7yOKTWEZvzL6lP6qfyW0e6k4
                                                                                                                                                                                                                                                                                            MD5:0921C8A22A0714849101D4A17C686D97
                                                                                                                                                                                                                                                                                            SHA1:D99B19DCAB474A32FE07B1AC75ED4F26E3B1B0CE
                                                                                                                                                                                                                                                                                            SHA-256:44D3752E4C05B727F6F193627E8BC97D1DB8548D27E0AD49032704A8B40EEB75
                                                                                                                                                                                                                                                                                            SHA-512:A50526B86558859973DBB43CE69B859F3BC2D1B52B011799C668248F424DEB0FA7231594CDD0618E0795010167772C228F33BF0CE07AF812AFD3B3CD076C65A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530139"},"domain_actions_config":"...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):45260
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.093462127188524
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:uDXzgWPsj/qlGJqIY8GB4xKTaGUXqgfbwDt0nXUMEkANAUQYqGwLWZkHUfG6kCvb:u/Ps+wsI7yOKTWEZ06qfyW0e6kaoU
                                                                                                                                                                                                                                                                                            MD5:8DCFF3733EF9FD53877EEA1255F77000
                                                                                                                                                                                                                                                                                            SHA1:A81D0051518466E16FD96472691261551CD0D82E
                                                                                                                                                                                                                                                                                            SHA-256:7E8649DE6A242268F97F6AEFA8549D31DE3165FF4E5EDF863062F78EAB544471
                                                                                                                                                                                                                                                                                            SHA-512:17CC29F7116C6D81252E75332C6B0561ED9B34D64ADF5C31AB5E52ED104BA8E28269CEC7A2C21046E866602BA15DD9C79068203491047ACAB5661591CD069A28
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):45139
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.084353189699189
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:9MkbJrT8IeQc5dKTaGUXqgfbk+tDf61GPjWWTvxYJCvoUQYqGwLWZkHUfG675:9Mk1rT8H1KTWpt21ExQao6qfyW0e69
                                                                                                                                                                                                                                                                                            MD5:81ADC829BA8374383AC9FC58B6FEC448
                                                                                                                                                                                                                                                                                            SHA1:0E4F032516947F98673629F0272A76A719502FF4
                                                                                                                                                                                                                                                                                            SHA-256:24831051257AA3F79D04DDACEA0578B4C3BFEF6D41F59A80D86E1349D1871D8A
                                                                                                                                                                                                                                                                                            SHA-512:C23421418F52110761ACB6E1C68CE16045F7B1D8C0AF7D2DAA800D07F1FB76EBAFC4219C1C51188E0A9889E774CC2BAA89528D57659336888B82868F0F80263F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2278
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8310397835014425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:uiTrlKxrgxkSxl9Il8uO0dur7/6Be2nDl0d1rc:mAY00dur7/6Be2nDlz
                                                                                                                                                                                                                                                                                            MD5:3B0CAD47649B8BED37E7A2702491849E
                                                                                                                                                                                                                                                                                            SHA1:FD6A6A4555E2829BFAD85463FCD1B43208460163
                                                                                                                                                                                                                                                                                            SHA-256:75E80BF39D170EEA155207D7DABFD4F262892244AA8D7650D48B6E9163D68087
                                                                                                                                                                                                                                                                                            SHA-512:778DE1BB3F7619BB9EA12C7B080E771BEA50257D90B8F153E593EE34973924840B39CF3BE1A068666A837DA350818A293DAFD42221CAF71506B13D32C45DAD86
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4622
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.0005538420577
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:WYBsxpDQd5Vr5x8KpXvtp8WGxzWGUG7YOheqswP:WssxNQL1pb83xzWGj7B1DP
                                                                                                                                                                                                                                                                                            MD5:B859313B9AF5D477A910FB44F2F0C172
                                                                                                                                                                                                                                                                                            SHA1:EA2DC63321AE7532D7CE1B4CB30C0510E4B9267C
                                                                                                                                                                                                                                                                                            SHA-256:6279A9ED015740DC2CAAD7D660FB7A0EFBCD9F9CA13FD0E5520A34FF6607ADDB
                                                                                                                                                                                                                                                                                            SHA-512:9E82CD477F221156619AC13604430A396AF602644446A85B539A44F2B9DD60E75755DF5775E87A86FC8824F9C307105E7661091BDE7D61B1D7E4A02DF867EA1E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2684
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9106262189710286
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:uiTrlKx68Wa7xKxl9Il8utjs0J0mIC4ghn/ZM2bwheCFBpHyGDkBd/vc:aYYns014ECFfFF
                                                                                                                                                                                                                                                                                            MD5:92B3E86508156EDD29F5C2E4292542C2
                                                                                                                                                                                                                                                                                            SHA1:BE467B4E307B440B10FC61D1B8D174259ABB1E33
                                                                                                                                                                                                                                                                                            SHA-256:618466E24866D0BDEB7FFF313857AB5192E22098A59D300981C77950ED2C49ED
                                                                                                                                                                                                                                                                                            SHA-512:5B75F73FC5D769464930B77AA23828179D8ADA31A8EE31D8A28669A7D8EFB8F59E258DABE5AEADAA3922C2E2539BD9581B3E7351B19C686CBD5EBA24D8FD7EF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):1065128
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.43820773264071
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:SAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:SALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt
                                                                                                                                                                                                                                                                                            MD5:C63860691927D62432750013B5A20F5F
                                                                                                                                                                                                                                                                                            SHA1:03678170AADF6BAB2AC2B742F5EA2FD1B11FECA3
                                                                                                                                                                                                                                                                                            SHA-256:69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353
                                                                                                                                                                                                                                                                                            SHA-512:3357CB6468C15A10D5E3F1912349D7AF180F7BD4C83D7B0FD1A719A0422E90D52BE34D9583C99ABECCDB5337595B292A2AA025727895565F3A6432CAB46148DE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.Malware-gen.8775.19492.exe, Detection: malicious
• Filename: O8scEm3rJN.exe, Detection: malicious
• Filename: KeyFormed.exe, Detection: malicious
• Filename: wWk9NkXYcL.exe, Detection: malicious
• Filename: eSLlhErJ0q.exe, Detection: malicious
• Filename: 7CTH165fQv.exe, Detection: malicious
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):758279
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999775737286553
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:CvjdztLpGbetr2gGfsytiF1vCRkI5DswO3z8Cze5m0T1IcaNMDenqIvqHqtpRb:mjdcetTGUbZqtOomeZp4NMGGqtH
                                                                                                                                                                                                                                                                                            MD5:8C8B9C8E4B64A96E18A95F30370081FF
                                                                                                                                                                                                                                                                                            SHA1:F3B39D8E456B497EB03054E20F88223BB090041D
                                                                                                                                                                                                                                                                                            SHA-256:1E54F4C4A4D077A9753B1925D95A8304824CE38EAC00DFE15E429E0840CAA362
                                                                                                                                                                                                                                                                                            SHA-512:301AE61945512D837C3209CD74141264807B14BA7C664FA0C0E60C4C3578F045B5A84704BCC11E389771C69CD5AD3EC61A689835F7DFC2E0E0475975B5C40E32
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):72704
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997525818938249
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:CCGZwJnEY6ZQWy8reJS67zQ4XuGOjcSXXEoRey5TWxEAWyT/8A8tK39:gSg6creMbpGOjcSX3Yy5ixbf0ZtKN
                                                                                                                                                                                                                                                                                            MD5:4728A5C2910E45F64A459F347AEB9DEE
                                                                                                                                                                                                                                                                                            SHA1:74119B5F26263E74501D04049581E0ACB2227E4E
                                                                                                                                                                                                                                                                                            SHA-256:B9A683825711A060797B46682A55B7B502197ADCDE08D3B4D8F9B55283A9892C
                                                                                                                                                                                                                                                                                            SHA-512:83A6D1CAF5B71EC39033810C451840C23713A5A3FADAADA4F0D0420271F94E5A93F1CA12E011DB94F7CC54609A0AF0244B6A46558B05566496C94268628AB217
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51200
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996230820499597
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:trN8C4c5vcmvdITVRzLdQLQ0fcr5hxya0eLe:t5T4UjvdYrndQvobsL2e
                                                                                                                                                                                                                                                                                            MD5:AC4E070D9ADAA7BFDAC88FDC1CC89C37
                                                                                                                                                                                                                                                                                            SHA1:4D82D077E0C4767BC4E5900E3227E82368FB2930
                                                                                                                                                                                                                                                                                            SHA-256:508928CB4034430C4015E9FB4BF7DFC69F9588D21D320F3170E45D4232B47445
                                                                                                                                                                                                                                                                                            SHA-512:71F239A2B7CAFD1F90C9B92574CE0BC3A45B9A5020AE1BA88E4D57A8090E30E45E563EE10BC8B4755FABE2783FEAF02340907D415C8AEA1B20DC3B029436B45D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):71680
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997226100184841
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:SMignnUyJNJiHxdCmgiFQeQNrvUvglP1253+e+7o7/eMmNKi:7nUyARwh1eQ2vQt2tBeT
                                                                                                                                                                                                                                                                                            MD5:8455F6E4B64FAC28AD62B4F539152F02
                                                                                                                                                                                                                                                                                            SHA1:A01D829BFD93052A81986C3132CB177B4618DD1F
                                                                                                                                                                                                                                                                                            SHA-256:1ED175802837AB4E856DDF0D0B6D1538035EE553188F3055B7096E7D8D2E2B77
                                                                                                                                                                                                                                                                                            SHA-512:B5BA02A0FEAE8E30474C1F579FD1703C7425A9AF57F5F358C37C86921143551E83BF71041E6EB5EF3322FE8770565367B9394152ED0BC49B14C940B39B1B4E99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):75776
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9971219641886595
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:l9TybXjKlagWGR9QDVGJwYWhVw2z2NQdFSMTkefMW3f8yraUD8Z6l:l9TeGla69QDcJwTzUcnSUDnl
                                                                                                                                                                                                                                                                                            MD5:69EA2CECBD03AB3136986F7FCC55616A
                                                                                                                                                                                                                                                                                            SHA1:073F383D35A59FFB3FB9E059056EFD222EDA1972
                                                                                                                                                                                                                                                                                            SHA-256:05DEE728D8CB331FADAD54E537568887A5411E43143204E08B578212657F0899
                                                                                                                                                                                                                                                                                            SHA-512:16B552655B952BE7D7C725BA06E39B52A2A3D2ACB0C71918AE1BF7360E579FA004E5802027E30E6BC2AA47BCEAB2E31E878D15B56C94624C8E76E1EC2E81FFF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):63488
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996943386183163
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:H+9Z3kMoUeGk6brMtpE6LXoiqGDFXu2JwEDK427exVeMJd0Tdqvf0pSqbX8pmFqI:GyMo8z3DYXnqGpDK4aMJdmdLkq9Nx86
                                                                                                                                                                                                                                                                                            MD5:9AFA24A15ACE517ACF8860363EB5F78B
                                                                                                                                                                                                                                                                                            SHA1:437E25A0A6BE0B482DBEC01B773F0FD3B08BEA50
                                                                                                                                                                                                                                                                                            SHA-256:F951119261E778B073B284FB1BE9A4E9461237000523E7F37249CFC6A7ACBE4D
                                                                                                                                                                                                                                                                                            SHA-512:74A1F6459DFB9D2A5DB89EC543DDEDED1AFFD2601A92F610D87C2CA5CC992F5D5C750B89ACCAAD6A2868BD4E84500E99503B7B9E083080466111C9A9EF1B7B27
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1853
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.910337252349585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lp4GSHitcnq2Pz3CWV2GPmUYQvsNOyiYIyQdE3tAAK3Uud7xafylbN8Ki:+cv02SDvuxiYtF9h61OyM
                                                                                                                                                                                                                                                                                            MD5:8000094E5C1032B6F5C47A3A4D2ABDE3
                                                                                                                                                                                                                                                                                            SHA1:BB801FAE4EEC7ECC2B5B9FFE7EFD699EF6FF5E4E
                                                                                                                                                                                                                                                                                            SHA-256:DC16914511BF42E581CBBC8DE5B6ED31379F14A601AB30C0E8B944E40694E48F
                                                                                                                                                                                                                                                                                            SHA-512:ECDF84D51DC6A3DB190C624DB0034389D3721A2A53AD82497536E1675058ECC8CF50E2E2F499F76DDCD5AF2EAB7990FC571B94AA0F3AAACB6B64669A2C37F9E4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:TRIBUTEBOOTYSTANTIQUE..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........1.q.P.".P.".P."y..".P."y.."QP."y..".P."S.1".P.".8.#.P.".8.#.P.".8.#.P.".(u".P.".(q".P.".(e".P.".P.".R."^9.#.P."^9.#.P."^9.".P.".Pa".P."^9.#.P."Rich.P."........PE..d......^.........."......:...(.......R.........@.........................................`...@...............@..............................[..|.......h....@..To...$..........t....p......................X...(...0p...............P..8............................text....9.......:.................. ..`.rdata...A...P...B...>..............@..@.data...P........P..................@....pdata..To...@...p..................@..@.rsrc...h............@..............@..@.reloc..t...........................@..B.........................................................................................................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (673), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11833
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.170360898818388
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:O1Jnbr3wKWeWmrpqycWAi9x+yvxkiMUWYajo6qOcALx/F5aX348eYdP2i8W3N4AZ:OxP3wKFgvWAiX+y1MksWAR3aY8eYd+i9
                                                                                                                                                                                                                                                                                            MD5:6B541BF1322B4FACFFF09405642BA95E
                                                                                                                                                                                                                                                                                            SHA1:E011BAB2FB6AF9E8A4883E1D92DB9739EDA47B78
                                                                                                                                                                                                                                                                                            SHA-256:FB3B59041EBF3D736CC63F86A396088F019444EA8D684638EFADC0A6288E45F3
                                                                                                                                                                                                                                                                                            SHA-512:7805EC6345009EBCB69F28FF5726539614A41F0517DBD7259416D0EB4384AAC6F9B2B5ABD87DD37BF99429DE47695BD9BF90B657F3445EA31ACC68F097E781EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:Set Baskets=A..GvsArch-Basic-James-Who-Viewing-Knit-..RZBJThrows-Salvador-Offered-Penn-Featuring-Risks-Dig-Approximately-..yTKTherapy-Regions-Trunk-Reproductive-Vocal-Fixed-Finite-Talk-..UPRebound-Aspnet-Honduras-Beneath-Thy-Win-Survey-..oXwZCitizens-Subscriber-..gZCoordinates-Routers-Bond-Asthma-Restaurant-Richmond-Bible-Allowance-Columns-..VPSkirts-Thou-Nudist-Provincial-Soup-Visibility-Places-Cabin-Abortion-..KXUpdates-Offering-Seminars-Key-Cnn-Neighborhood-Blackberry-..EZGZExpressed-Shell-Verify-Print-Firm-Directions-Celebrities-..Set Combined=I..iqNResulting-Pantyhose-Challenges-..DfbJTaiwan-Dealer-Mine-Masturbation-..sJbIsraeli-Leaders-La-..JXmWires-Filename-Compile-Vast-Writes-Provide-Space-..wErlComplications-Climb-Morrison-Packs-Complete-Apple-Extra-Combining-..tQYRDevon-Southern-Fundamentals-Visits-Connection-..UdLeader-Indicates-..BMLcNp-Den-Jonathan-Easier-Fears-Transform-Requested-..Set Launched=8..gYmlDefense-..IljlId-Understand-..oDJHeadphones-Performance-..czOrganizing-
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (673), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11833
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.170360898818388
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:O1Jnbr3wKWeWmrpqycWAi9x+yvxkiMUWYajo6qOcALx/F5aX348eYdP2i8W3N4AZ:OxP3wKFgvWAiX+y1MksWAR3aY8eYd+i9
                                                                                                                                                                                                                                                                                            MD5:6B541BF1322B4FACFFF09405642BA95E
                                                                                                                                                                                                                                                                                            SHA1:E011BAB2FB6AF9E8A4883E1D92DB9739EDA47B78
                                                                                                                                                                                                                                                                                            SHA-256:FB3B59041EBF3D736CC63F86A396088F019444EA8D684638EFADC0A6288E45F3
                                                                                                                                                                                                                                                                                            SHA-512:7805EC6345009EBCB69F28FF5726539614A41F0517DBD7259416D0EB4384AAC6F9B2B5ABD87DD37BF99429DE47695BD9BF90B657F3445EA31ACC68F097E781EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:Set Baskets=A..GvsArch-Basic-James-Who-Viewing-Knit-..RZBJThrows-Salvador-Offered-Penn-Featuring-Risks-Dig-Approximately-..yTKTherapy-Regions-Trunk-Reproductive-Vocal-Fixed-Finite-Talk-..UPRebound-Aspnet-Honduras-Beneath-Thy-Win-Survey-..oXwZCitizens-Subscriber-..gZCoordinates-Routers-Bond-Asthma-Restaurant-Richmond-Bible-Allowance-Columns-..VPSkirts-Thou-Nudist-Provincial-Soup-Visibility-Places-Cabin-Abortion-..KXUpdates-Offering-Seminars-Key-Cnn-Neighborhood-Blackberry-..EZGZExpressed-Shell-Verify-Print-Firm-Directions-Celebrities-..Set Combined=I..iqNResulting-Pantyhose-Challenges-..DfbJTaiwan-Dealer-Mine-Masturbation-..sJbIsraeli-Leaders-La-..JXmWires-Filename-Compile-Vast-Writes-Provide-Space-..wErlComplications-Climb-Morrison-Packs-Complete-Apple-Extra-Combining-..tQYRDevon-Southern-Fundamentals-Visits-Connection-..UdLeader-Indicates-..BMLcNp-Den-Jonathan-Easier-Fears-Transform-Requested-..Set Launched=8..gYmlDefense-..IljlId-Understand-..oDJHeadphones-Performance-..czOrganizing-
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1063298
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.43986387494404
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:tAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:tALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt
                                                                                                                                                                                                                                                                                            MD5:D47BC8398FE1652C176B514198192F8D
                                                                                                                                                                                                                                                                                            SHA1:FF7608464D780E9C8A78BC191543E0A55C718F68
                                                                                                                                                                                                                                                                                            SHA-256:8E82E1753C387F00617F9AA77B3D648BB30F926D4183FEF72B5AEC993BEF31A7
                                                                                                                                                                                                                                                                                            SHA-512:526CCB217253F65B9763E11CB32AE694FB76206211A6DF8F88CBC918E8E8EFD83C75E40957012626DFD941CF227DD923A632D68C584B274A0D37AD5416790A9D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):76800
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997761567433148
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:lwT3uzjS2ZjSpvt2nZ1yOandbhrnzTXHiJlu4bBHZ0KB9w8rIG:lwTez+2lEF22OihrnHiGiB537rIG
                                                                                                                                                                                                                                                                                            MD5:78409C5A1DF0C27620BF35C86BCC7EDF
                                                                                                                                                                                                                                                                                            SHA1:F7A857340DB5DBB2EC8779499158ECD5B1BD4786
                                                                                                                                                                                                                                                                                            SHA-256:983672850C440D7742854F9780D4018E76947D7BFB0D34A122EC89EC1881B086
                                                                                                                                                                                                                                                                                            SHA-512:D45B1581CC6ABDA0E33F5BF2E1757B6ED26B422DE0EE9BD862B5630A66C654685D415A91757AECC2AACC2DB9955AA1A695396FD93D5CA887F35F0976D8EF5D76
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):95232
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998123296474752
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:8GuI+e+ZkxSX/SSi+yY+zsIQjgNCFSDhf/jyQ4470hRHqal3FLYjCqS:8leLSv9+zsIQjUCFAfRZ7ARHKCqS
                                                                                                                                                                                                                                                                                            MD5:7930B8D5619E8759FAE10AB668B83FAF
                                                                                                                                                                                                                                                                                            SHA1:2FF7D220982869F2100F6B4A0A5E9327FA61FAFE
                                                                                                                                                                                                                                                                                            SHA-256:61AECA182952A9CC4C5488F0018A7E458B114DF1946C8F213B6642F413EBCF46
                                                                                                                                                                                                                                                                                            SHA-512:1F1D8C78198E50938E4ECD01AEEA6113B5B76A2726C4D3B28D81FAB47E84F0E95CC9CCC23CFDE65EFD12331DD2E6A0EDE1A5A61644F5CA4E0876C6FB93B7A0B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57344
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997108762505305
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:FR3W4qSamaPMUDUyAH6zwyvJw0GPDt9C9gCkrPJEqjy3:FI4qSacyo6U40DtP3DJ83
                                                                                                                                                                                                                                                                                            MD5:B8A2A7FC3572DAD515E21999BFD7EDE0
                                                                                                                                                                                                                                                                                            SHA1:094A47C09EB1A75E43B676E9A44AEC782A1433E8
                                                                                                                                                                                                                                                                                            SHA-256:F0D652BA5745AB35DAF6A7B1C894DF15985120600747CAB95115AA95ABE77AE3
                                                                                                                                                                                                                                                                                            SHA-512:3F6E6EBC6C026D80EEBB3CB995D99E94DF5D174BF34E4C444B6369A3654E9FC2FD4B70992DF59F0E8C5E6284A3EE01EB90E6DD14E6115572B96DE28BD0BA8799
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9977130347902206
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:08XGzaK+1YG7IisH1nq5DNmP5LCyPsfXYd3w1+Jmd4Dl:UzxWYg2HRqfmLC0swd3i34Dl
                                                                                                                                                                                                                                                                                            MD5:9C5271F9320CF6EACBCD1A0F4FA0280D
                                                                                                                                                                                                                                                                                            SHA1:354CBD1E89ACDD5F0946D15F9366B46C10CDE89C
                                                                                                                                                                                                                                                                                            SHA-256:F4C6334A66B36A4C87998291E5A6B2833BAA760F50E4E4D4456CF2B948D9CDEF
                                                                                                                                                                                                                                                                                            SHA-512:E1F248A25F4E1859B72F25C6B7A8765E3F649BC8D56A732E58BD38B5F433795B31FFE174EBD4B9E68301395B40CD7F580DBAF573B6BACA6C181C40E06EFFB524
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9735
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978765162083663
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ILrrqIF1mJOdoZHuacsHliMyftgP6D/9ZYz59Pm:ILtjmsWZHu768ngVO
                                                                                                                                                                                                                                                                                            MD5:B4AF1D63229E81ADA04D4FE24EB213B5
                                                                                                                                                                                                                                                                                            SHA1:13675CB6657D1033C000CD8094555E2765E46315
                                                                                                                                                                                                                                                                                            SHA-256:9A53B593AA3697B4F0ED3055DCFD82ADF19C7DDD5EADD9F9BAF0A28627C715D8
                                                                                                                                                                                                                                                                                            SHA-512:D0791392CC4901D23E8053B61FF7F5482609E04CEF6CAD5B8019CFBD05F20539F6EA20E89E5562ED98774577C9B3F12957F4CABA614678E3447D2363191F99F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):59392
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99647937372031
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:Z7nnFXy/4Q81aYRCzeSv300NEcH+aOhdKuO18NRmG8b:Z7FC/4Q8iF300NEg+aOhRFXpw
                                                                                                                                                                                                                                                                                            MD5:C0FE63FD7CF2CE61C8F5D9C4C468611B
                                                                                                                                                                                                                                                                                            SHA1:276A7E3B2AA6B677C6A0D290264DBDBDB50362FA
                                                                                                                                                                                                                                                                                            SHA-256:CADF4DBEA2EE9265D8FED6EA43613BEFE165143E694BB8EEE945871F07EE820B
                                                                                                                                                                                                                                                                                            SHA-512:E702BD7CC828DE2A820C0C9471B7B5B12D987437883DE23B2C4CFC0AA7EA1A8972A0A9239258527EB85DAE7A84AD5871CA89DA69492473A077580647A5934AA7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55296
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996846627063562
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:yHTc/vN3jpbTXylVGZKKWBWcLaEHkBmMHHmoXXLcb4ABPer:Agl3V6lUZKK0vi1hLtABPer
                                                                                                                                                                                                                                                                                            MD5:754B244B4CC1E73DF9524540AC478FF7
                                                                                                                                                                                                                                                                                            SHA1:DAB12394BA84580ED34C1904C0E13C1AEF096C97
                                                                                                                                                                                                                                                                                            SHA-256:0041AEB72728B74A24B8ED16A711A2543A5D8DF00CAC1FA827048D20020E5260
                                                                                                                                                                                                                                                                                            SHA-512:4F3E70703F19BB5087CE3E7BD03C2D04877073E78891638F7868E7DE3E59E94949BD232A1B1486240C7D16E18788715EC96CBBBB4F4D2CD37A4491F065C9BE5A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1372
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.536683503154541
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YpQBqDPak7u5rrtWicKG2prYwan/6yikudYJdXmuBuwB5aOFt4NhpH+CXuxeQQRZ:YuBqDPafzcKG2GwnpeRBzB5rKxzYPB0
                                                                                                                                                                                                                                                                                            MD5:8B18DE8CC0A4C21A8723F18FB2BCED61
                                                                                                                                                                                                                                                                                            SHA1:7CBB00F097A9522439A8E30E1F56D1B94C3CD43A
                                                                                                                                                                                                                                                                                            SHA-256:26B2BD5C1421DBF51E12AB3F00D01E5F8EABCE3D563666FEBA19C975D15636F8
                                                                                                                                                                                                                                                                                            SHA-512:CC96FE201A5F202B5605A9FAAEB3CA5D2C670D61A44611898299B1DFCC8C9FEA8CF0C850EBEA70FA1FB54D58A3149F148DD56C447D32B0C72C27B50F6EE5B79C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADALUXkhL9LQKy6pbI6dFhiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABrZVfisP+iewKMI5eSUHiKSE1/vU7wUtMH/H5zAEC1sQAAAAAOgAAAAAIAACAAAACthoCG6G/dYJqCSF6gnqbNNppGtWwJHreQAoUM24hLljAAAAAA6Dok0fbQHvFo/1HXgVMt8vsbY8B9HkxcwMhDCA5wuSdMNUETvcUhmzZedAIqtZRAAAAAdbO4fqFx7aB2E8ELuq22pqARnZGfz9LX7e5TEOS49dnBAFiWT9i1PlShP5QfK2nZFF+n8MB2OoBfTlPYDHl4Gw=="},"profile":{"info_cache":{},"profile_counts_reported":"13379003736438489","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734530134"},"user_experien
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04030212415098768
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:wiAriUjLYiVWK+ggCNlcJZzK1d9XjRY1PgYUc58hofBV8Wh8RQJulTkTan8y08TQ:uiUjjlgcD1hCJwdk+08T2RGOD
                                                                                                                                                                                                                                                                                            MD5:8F10C9FF5C06F4AF15B24521AE6DBB2A
                                                                                                                                                                                                                                                                                            SHA1:618D09EF85CCE6E68C32540F0B3D16D3C14D3E78
                                                                                                                                                                                                                                                                                            SHA-256:2765F72899C13ADDA22FCBE6AADA2C6BD5627AA079CC1042105716ABF4F3B969
                                                                                                                                                                                                                                                                                            SHA-512:FA43A773C8FD6651AA61D8A7D51F49C6F8EB9074EBCA379FDB0F5F3FF322BF8110F13F618F1F71922E7D19C197FB9FFB9F7A6AEDE4458EF7EBFD826B8A500EFA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@..@...@.....C.].....@................`...P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".dnhuyb20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@................................4.....<.w..U..d.y.oK.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....]K....@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.7730128165571206
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:FiWWltl4pLseFWiCcLSzlll:o14l5FWifwl
                                                                                                                                                                                                                                                                                            MD5:5ED4102E95A112F417E94620320A71CC
                                                                                                                                                                                                                                                                                            SHA1:9D16EB7DC777F96EF6C899C4B69D2425A2AC6C94
                                                                                                                                                                                                                                                                                            SHA-256:9178178437CE4CCBD8E9D3628E0F09A96A0C24F15EA2B503D4E7B91E4D6555AA
                                                                                                                                                                                                                                                                                            SHA-512:C07CF6805FBDB2078D338D62CAFD7EAD45B391440EE435F24A0E2343096ABDBA7AA83F15DDC9D0CBCEA6FFDE3987C71F8DCB926CD7852938F5BFCC6CE466D323
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:sdPC....................>.ZD...@.vr....l................................................................................................................................................................................................f4a4f2c5-04a3-4f27-9f7d-7b71248855a8............
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                                                                                                            MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                                                                                                            SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                                                                                                            SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                                                                                                            SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:level=none expiry=0.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1372
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.536683503154541
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YpQBqDPak7u5rrtWicKG2prYwan/6yikudYJdXmuBuwB5aOFt4NhpH+CXuxeQQRZ:YuBqDPafzcKG2GwnpeRBzB5rKxzYPB0
                                                                                                                                                                                                                                                                                            MD5:8B18DE8CC0A4C21A8723F18FB2BCED61
                                                                                                                                                                                                                                                                                            SHA1:7CBB00F097A9522439A8E30E1F56D1B94C3CD43A
                                                                                                                                                                                                                                                                                            SHA-256:26B2BD5C1421DBF51E12AB3F00D01E5F8EABCE3D563666FEBA19C975D15636F8
                                                                                                                                                                                                                                                                                            SHA-512:CC96FE201A5F202B5605A9FAAEB3CA5D2C670D61A44611898299B1DFCC8C9FEA8CF0C850EBEA70FA1FB54D58A3149F148DD56C447D32B0C72C27B50F6EE5B79C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADALUXkhL9LQKy6pbI6dFhiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABrZVfisP+iewKMI5eSUHiKSE1/vU7wUtMH/H5zAEC1sQAAAAAOgAAAAAIAACAAAACthoCG6G/dYJqCSF6gnqbNNppGtWwJHreQAoUM24hLljAAAAAA6Dok0fbQHvFo/1HXgVMt8vsbY8B9HkxcwMhDCA5wuSdMNUETvcUhmzZedAIqtZRAAAAAdbO4fqFx7aB2E8ELuq22pqARnZGfz9LX7e5TEOS49dnBAFiWT9i1PlShP5QfK2nZFF+n8MB2OoBfTlPYDHl4Gw=="},"profile":{"info_cache":{},"profile_counts_reported":"13379003736438489","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734530134"},"user_experien
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):85
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
                                                                                                                                                                                                                                                                                            MD5:BC6142469CD7DADF107BE9AD87EA4753
                                                                                                                                                                                                                                                                                            SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
                                                                                                                                                                                                                                                                                            SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
                                                                                                                                                                                                                                                                                            SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2951
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.607301867935764
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YuBqDPEFMsFiHC0afzcKG2GwBpeNHB+zdrxrvB5rZtR/tklaJkX1cl9aHLZSymS/:Xq8NkC1fzcWVBeB8Fv3d/tkwJkFcoSDa
                                                                                                                                                                                                                                                                                            MD5:74A991A0282CD47F5644DB26F1496D51
                                                                                                                                                                                                                                                                                            SHA1:FE74BED443E9A4640361B124F5D814B4D83182FF
                                                                                                                                                                                                                                                                                            SHA-256:5B74CA616FA206DE4DC0322B8DD838B454BB7DD9202767683B6856DD8A4BA1F8
                                                                                                                                                                                                                                                                                            SHA-512:D98123BCAEAD4A1C869A48D0FEF6EE11A64F06B76ACE645C05717BFB5400528189A2AE1E37C32DD382C0EC140153869A2147F456BBFEE9BFF9E6CD8657E70E5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADALUXkhL9LQKy6pbI6dFhiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABrZVfisP+iewKMI5eSUHiKSE1/vU7wUtMH/H5zAEC1sQAAAAAOgAAAAAIAACAAAACthoCG6G/dYJqCSF6gnqbNNppGtWwJHreQAoUM24hLljAAAAAA6Dok0fbQHvFo/1HXgVMt8vsbY8B9HkxcwMhDCA5wuSdMNUETvcUhmzZedAIqtZRAAAAAdbO4fqFx7aB2E8ELuq22pqARnZGfz9LX7e5TEOS49dnBAFiWT9i1PlShP5QfK2nZFF+n8MB2OoBfTlPYDHl4Gw=="},"policy":{"last_statistics_update":"13379003736635129"},"profile":{"info_ca
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):2951
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.607301867935764
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YuBqDPEFMsFiHC0afzcKG2GwBpeNHB+zdrxrvB5rZtR/tklaJkX1cl9aHLZSymS/:Xq8NkC1fzcWVBeB8Fv3d/tkwJkFcoSDa
                                                                                                                                                                                                                                                                                            MD5:74A991A0282CD47F5644DB26F1496D51
                                                                                                                                                                                                                                                                                            SHA1:FE74BED443E9A4640361B124F5D814B4D83182FF
                                                                                                                                                                                                                                                                                            SHA-256:5B74CA616FA206DE4DC0322B8DD838B454BB7DD9202767683B6856DD8A4BA1F8
                                                                                                                                                                                                                                                                                            SHA-512:D98123BCAEAD4A1C869A48D0FEF6EE11A64F06B76ACE645C05717BFB5400528189A2AE1E37C32DD382C0EC140153869A2147F456BBFEE9BFF9E6CD8657E70E5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADALUXkhL9LQKy6pbI6dFhiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABrZVfisP+iewKMI5eSUHiKSE1/vU7wUtMH/H5zAEC1sQAAAAAOgAAAAAIAACAAAACthoCG6G/dYJqCSF6gnqbNNppGtWwJHreQAoUM24hLljAAAAAA6Dok0fbQHvFo/1HXgVMt8vsbY8B9HkxcwMhDCA5wuSdMNUETvcUhmzZedAIqtZRAAAAAdbO4fqFx7aB2E8ELuq22pqARnZGfz9LX7e5TEOS49dnBAFiWT9i1PlShP5QfK2nZFF+n8MB2OoBfTlPYDHl4Gw=="},"policy":{"last_statistics_update":"13379003736635129"},"profile":{"info_ca
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1420
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.435629285950912
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Yac54VJfe54V80NBgu5SBxK0Npm25Spe0TxqXIp5r7qJ0ti5U8+0WgT5M:Yac5oJG5o807d54xK07m25Ee0TxqXIpz
                                                                                                                                                                                                                                                                                            MD5:1718710A0B85DC628A46074AFA266994
                                                                                                                                                                                                                                                                                            SHA1:F7D1AD19D7288912FF6B8DD8CA11266297D07862
                                                                                                                                                                                                                                                                                            SHA-256:3034A106765B1352310A3BA2FF15D43C65F56181ECC825E427D48608BC3A79F9
                                                                                                                                                                                                                                                                                            SHA-512:53388DEFABCA98A440BABBA45D2165C74F47BDA495BFB0BD942CEF671812DDA5509D35BA3BA5617C811098C446AB3E2A42C18936AB10EEA6E4AB9D21413AA3C0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"logTime": "1005/094927", "correlationVector":"2Yoymfq2DNqKkEQxScdye6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/094932", "correlationVector":"f8obPuKjAlRxEct+yTS+WU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/094932", "correlationVector":"3424AD3BF2D647858C80467BB9A206FC","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/102334", "correlationVector":"R7sA2ORjmzFG+jb9x+Jiab","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/102334", "correlationVector":"C4F87C103BB24B0EA24A826332D35037","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/102550", "correlationVector":"gABMZMZtO1erzif4SmQ7ja","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/102550", "correlationVector":"15ED17FAD0C64F2DB623BFAC8C77343C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/103007", "correlationVector":"+pZdWNzglJOCMtTzwL811z","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/103008", "correlationVector":"F3AB7FFA
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):154477
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4982
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                            MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                            SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                            SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                            SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):908
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                            MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                            SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                            SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                            SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):1285
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                            MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                            SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                            SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                            SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1244
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                            MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                            SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                            SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                            SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                            MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                            SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                            SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                            SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3107
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                            MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                            SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                            SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                            SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1389
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                            MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                            SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                            SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                            SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1763
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                            MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                            SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                            SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                            SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):930
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                            MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                            SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                            SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                            SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):913
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                            MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                            SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                            SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                            SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):806
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                            MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                            SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                            SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                            SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):883
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                            MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                            SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                            SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                            SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1031
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                            MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                            SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                            SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                            SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1613
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                            MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                            SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                            SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                            SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                            MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                            SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                            SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                            SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1425
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                            MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                            SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                            SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                            SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):961
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                            MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                            SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                            SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                            SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):959
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                            MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                            SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                            SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                            SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):968
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                            MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                            SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                            SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                            SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):838
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                            MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                            SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                            SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                            SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1305
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                            MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                            SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                            SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                            SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):911
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):939
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):972
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):990
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1658
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1672
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):935
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                            MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                            SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                            SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                            SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1065
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                            MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                            SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                            SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                            SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2771
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                            MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                            SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                            SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                            SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):858
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                            MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                            SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                            SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                            SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                            MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                            SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                            SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                            SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):899
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                            MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                            SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                            SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                            SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2230
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                            MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                            SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                            SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                            SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1160
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                            MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                            SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                            SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                            SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3264
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                            MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                            SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                            SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                            SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3235
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                            MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                            SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                            SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                            SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3122
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                            MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                            SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                            SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                            SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1895
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                            MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                            SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                            SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                            SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1042
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2535
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1028
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):994
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2091
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2778
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1719
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):936
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                            MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                            SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                            SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                            SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3830
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                            MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                            SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                            SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                            SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1898
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                            MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                            SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                            SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                            SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):914
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                            MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                            SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                            SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                            SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):878
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                            MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                            SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                            SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                            SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2766
Entropy (8bit):3.839730779948262
Encrypted:false
SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:97F769F51B83D35C260D1F8CFD7990AF
SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):978
Entropy (8bit):4.879137540019932
Encrypted:false
SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:false
Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):907
Entropy (8bit):4.599411354657937
Encrypted:false
SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:false
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):914
Entropy (8bit):4.604761241355716
Encrypted:false
SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:0963F2F3641A62A78B02825F6FA3941C
SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:false
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):937
Entropy (8bit):4.686555713975264
Encrypted:false
SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:BED8332AB788098D276B448EC2B33351
SHA1:6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:false
Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1337
Entropy (8bit):4.69531415794894
Encrypted:false
SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:51D34FE303D0C90EE409A2397FCA437D
SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:false
Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2846
Entropy (8bit):3.7416822879702547
Encrypted:false
SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:B8A4FD612534A171A9A03C1984BB4BDD
SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):934
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                            MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                            SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                            SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                            SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):963
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                            MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                            SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                            SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                            SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1320
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                            MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                            SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                            SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                            SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):884
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                            MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                            SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                            SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                            SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):980
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                            MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                            SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                            SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                            SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1941
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                            MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                            SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                            SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                            SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1969
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1674
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1063
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1333
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1263
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1074
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):879
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1205
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                            MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                            SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                            SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                            SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):843
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                            MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                            SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                            SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                            SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):912
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                            MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                            SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                            SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                            SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11406
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                            MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                            SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                            SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                            SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):854
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                            MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                            SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                            SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                            SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2525
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                            MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                            SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                            SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                            SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):97
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                            MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                            SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                            SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                            SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):122218
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                            MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                            SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                            SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                            SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):291
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                            MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                            SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                            SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                            SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):130866
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                            MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                            SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                            SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                            SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):154477
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1753
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                            MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                            SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                            SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                            SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9815
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                            MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                            SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                            SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                            SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10388
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                            MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                            SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                            SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                            SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                            MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                            SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                            SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                            SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980830306519125
                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                            File name:H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                            File size:1'314'244 bytes
                                                                                                                                                                                                                                                                                            MD5:f7cdd37705bd314230ac86f43756d0ba
                                                                                                                                                                                                                                                                                            SHA1:597a28dc407bd232db2d891b51d40b2a779f89af
                                                                                                                                                                                                                                                                                            SHA256:73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8
                                                                                                                                                                                                                                                                                            SHA512:ca4906fc0fceaed1cd01a9a69452381b4d87f6e0ce7cefea18a890e477d2d9baf2c400b7dbca15f2c02cf8bb26044f8811cd049a7451be400a3c08eac8054afc
                                                                                                                                                                                                                                                                                            SSDEEP:24576:dCupFXzfTmVAsxPOCYw/P6Vd1cQZ4u9sdxjbE9mcSbw10bi79FgjX:t26sxP+w/P6v1cQZwxjc2b7b22
                                                                                                                                                                                                                                                                                            TLSH:815533A3C7E40432EAF14FB6B9781C344EB5BD1A59B8C05A634504AEFA29DCD4C173A7
                                                                                                                                                                                                                                                                                            Icon Hash:00f87878c83a9264
                                                                                                                                                                                                                                                                                            Entrypoint:0x403883
                                                                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                            Time Stamp:0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC]
                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                            Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                            Signature Valid:
                                                                                                                                                                                                                                                                                            Signature Issuer:
                                                                                                                                                                                                                                                                                            Signature Validation Error:
Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 00409268h
mov dword ptr [esp+14h], ebp
call dword ptr [00408030h]
push 00008001h
call dword ptr [004080B4h]
push ebp
call dword ptr [004082C0h]
push 00000008h
mov dword ptr [00472EB8h], eax
call 00007F060124B77Bh
push ebp
push 000002B4h
mov dword ptr [00472DD0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 00409264h
call dword ptr [00408184h]
push 0040924Ch
push 0046ADC0h
call 00007F060124B45Dh
call dword ptr [004080B0h]
push eax
mov edi, 004C30A0h
push edi
call 00007F060124B44Bh
push ebp
call dword ptr [00408134h]
cmp word ptr [004C30A0h], 0022h
mov dword ptr [00472DD8h], eax
mov eax, edi
jne 00007F0601248D4Ah
push 00000022h
pop esi
mov eax, 004C30A2h
push esi
push eax
call 00007F060124B121h
push eax
call dword ptr [00408260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F0601248DD3h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F0601248D4Ah
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b34 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x9746 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x13e75c | 0x2868 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x964 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x6dae | 0x6e00 | 00499a6f70259150109c809d6aa0e6ed | False | 0.6611150568181818 | data | 6.508529563136936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x2a62 | 0x2c00 | 07990aaa54c3bc638bb87a87f3fb13e3 | False | 0.3526278409090909 | data | 4.390535020989255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xb000 | 0x67ebc | 0x200 | 014871d9a00f0e0c8c2a7cd25606c453 | False | 0.203125 | data | 1.4308602597540492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x73000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xf4000 | 0x9746 | 0x9800 | 305c414ed6e9ea12dbd71adab17edab6 | False | 0.8114977384868421 | data | 7.263184084782555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xfe000 | 0xf32 | 0x1000 | 9adfef79c3e5f22459f3a1b5adc4db48 | False | 0.599365234375 | data | 5.525327919948209 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0xf4220 | 0x4b18 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9942259675405742 |
| RT_ICON | 0xf8d38 | 0x19a9 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.001674531892221 |
| RT_ICON | 0xfa6e4 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.4122253864930838 |
| RT_ICON | 0xfcd4c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6569148936170213 |
| RT_DIALOG | 0xfd1b4 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0xfd2b4 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0xfd3d0 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0xfd430 | 0x3e | data | English | United States | 0.8225806451612904 |
| RT_MANIFEST | 0xfd470 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T14:54:41.117781+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49866 | TCP
2024-12-18T14:54:41.117781+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49872 | TCP
2024-12-18T14:55:17.961645+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 185.147.124.244 | 2456 | 192.168.2.10 | 49707 | TCP
2024-12-18T14:55:43.431685+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 185.147.124.244 | 2456 | 192.168.2.10 | 49726 | TCP
2024-12-18T14:55:43.431685+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 185.147.124.244 | 2456 | 192.168.2.10 | 49726 | TCP
2024-12-18T14:55:55.959126+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 185.147.124.244 | 2456 | 192.168.2.10 | 49748 | TCP
2024-12-18T14:55:55.959126+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 185.147.124.244 | 2456 | 192.168.2.10 | 49748 | TCP
2024-12-18T14:56:07.289584+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49755 | TCP
2024-12-18T14:56:14.584792+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49781 | TCP
2024-12-18T14:56:21.861128+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49797 | TCP
2024-12-18T14:56:29.109640+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49812 | TCP
2024-12-18T14:56:36.385723+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49829 | TCP
2024-12-18T14:56:43.659132+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.10 | 49849 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.028822899 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.028913975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.028970003 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.050412893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.050513983 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.050621986 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.054316044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.102163076 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.148739100 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.148791075 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.148829937 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.152609110 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.152698994 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.152775049 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.160254002 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.160381079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.160433054 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.167968988 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.168071985 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.168112040 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.175616026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.175712109 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.175755024 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.183267117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.183362961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.183429003 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.191051006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.191065073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.191131115 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.195801973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.195919037 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.195954084 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.200830936 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.200872898 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.200958967 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.205668926 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.205811024 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.205852985 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.210566998 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.210721970 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.210779905 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.215511084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.215624094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.215666056 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.220383883 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.220606089 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.220638990 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.225298882 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.225368023 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.225411892 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.230256081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.230427980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.230467081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.235074997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.235238075 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.235287905 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.239943027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.240083933 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.240132093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.244842052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.244997978 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.245049000 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.249604940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.249711037 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.249757051 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.254446983 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.254554987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.254628897 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.259254932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.259375095 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.259411097 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.268337011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.268410921 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.268495083 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.270746946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.270802021 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.274638891 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625756025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625772953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625775099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625806093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625832081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625926971 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.625988960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626002073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626017094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626029015 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626032114 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626044035 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626061916 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626064062 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626084089 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626557112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626574993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626595020 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626607895 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626609087 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626622915 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626629114 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.626658916 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.628134966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.628226042 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.628817081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.631588936 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.654206038 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.654304981 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.654454947 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.655183077 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.655263901 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.657217979 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.657282114 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.657350063 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.657387972 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.742954016 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.742988110 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.743061066 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.743782997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.743858099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.744118929 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.746243954 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.746268034 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.746323109 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.747773886 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.747924089 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.748013973 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.749929905 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.750055075 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.750123024 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.751796961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.751949072 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.752002954 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.753499031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.753628016 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.753967047 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.755220890 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.755350113 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.756026983 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.756994009 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.757066011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.757112026 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.758718014 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.758796930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.758851051 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.760436058 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.760525942 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.762130022 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.762188911 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.762200117 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.762232065 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.763849974 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.763947964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.763987064 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.765577078 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.765701056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.824232101 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.824291945 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.826313972 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.826420069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.826654911 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.827598095 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.827675104 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.827714920 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.829288960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.829380989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.829422951 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.831024885 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.831223011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.831278086 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.832902908 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.833046913 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.834330082 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.834530115 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.834600925 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.834641933 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.836288929 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.836338043 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.836385012 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.837910891 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.838097095 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.838144064 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.839739084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.839798927 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.839876890 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.841362953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.841514111 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.841941118 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.843091011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.843172073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.843213081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.844841003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.844976902 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.845014095 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.846543074 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.846714973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.848278999 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.848346949 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.848458052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.848501921 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.849972963 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.850013971 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.850060940 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.851758003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.851885080 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.851941109 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.853442907 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.853624105 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.853671074 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.855102062 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.855185032 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.855381966 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.856933117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.857060909 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.857136011 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.858601093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.858753920 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.858797073 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.860316038 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.860404015 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.860444069 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.862045050 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.862108946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.862154961 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.863851070 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.863941908 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.863986969 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.865520954 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.865602970 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.865644932 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.867182016 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.867252111 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.867291927 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.932059050 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.932154894 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.933316946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.933363914 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.933442116 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.934664965 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.934760094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.934824944 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.935971022 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.936029911 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.936070919 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.937287092 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.937324047 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.937382936 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.938642025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.938841105 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.938899994 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.939887047 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.939980030 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.940015078 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.941198111 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.941339970 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.941422939 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.942419052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.942472935 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.942532063 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.943753004 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.943845034 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.943897963 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.944943905 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.945012093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.945041895 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.946165085 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.946228027 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.946265936 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.947386026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.947489977 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.947536945 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.948623896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.948739052 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.948745966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.949826956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.949887991 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.949944973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.951045990 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.951126099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.951195002 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.952389956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.952467918 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.952497005 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.953387976 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.953448057 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.953454971 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.954554081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.954616070 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.954678059 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.955785036 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.955856085 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.955954075 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.956914902 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.956986904 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.957019091 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.958067894 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.958120108 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.958199024 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.959218025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.959243059 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.959268093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.960433006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.960541964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.960593939 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.961563110 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.961606026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.961661100 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.962611914 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.962671995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:19.962713003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.116935968 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.116991997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117000103 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117057085 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117738008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117784023 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117788076 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117827892 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.117851019 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.118550062 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.118607044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.118613958 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.118659019 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.119574070 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.119641066 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.119674921 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.119683027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.119735956 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.120618105 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.120636940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.120650053 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.120702982 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.121419907 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.121473074 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.121480942 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.121484041 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.121517897 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.122159958 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.122200966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.122215986 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.122267008 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.123204947 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.123255014 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.123264074 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.123267889 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.123303890 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.124280930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.124295950 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.124304056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.124346018 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125015974 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125085115 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125097990 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125144005 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125534058 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125566959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125580072 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.125626087 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126168013 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126219034 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126322985 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126377106 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126389980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126430988 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126895905 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126944065 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126949072 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.126954079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.127011061 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.127624989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.127681017 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.127695084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.127737045 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.128320932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.128391027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.128397942 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.128412962 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.128443956 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.129175901 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.129241943 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.129255056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.129307985 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.129982948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.130042076 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.130050898 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.130062103 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.130106926 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.312175989 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.312176943 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.312185049 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.312232018 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313020945 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313057899 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313064098 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313107014 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313720942 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313770056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313782930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.313822985 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.314505100 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.314538956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.314552069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.314584017 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.315330029 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.315376997 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.315418005 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.315426111 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.315464973 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316090107 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316132069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316139936 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316184998 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316885948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316905975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316914082 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316940069 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.316961050 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.317678928 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.317751884 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.317759037 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.317806959 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318456888 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318512917 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318790913 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318804026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318814993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.318844080 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.319574118 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.319591045 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.319610119 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.319643021 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.319669008 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.320363045 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.320414066 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.320420980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.320482969 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321146011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321152925 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321170092 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321197033 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321218967 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321906090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321950912 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.321958065 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322000027 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322690010 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322746992 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322755098 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322777033 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.322801113 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.323508978 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.323529005 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.323535919 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.323580980 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.324332952 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.324379921 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.324381113 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.324387074 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.324424028 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.325115919 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.325159073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.325165987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.325193882 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.325865984 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508028030 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508065939 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508780003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508804083 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508810997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508835077 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.508853912 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.509551048 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.509572029 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.509577990 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.509619951 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510413885 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510462046 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510605097 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510668993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510677099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.510721922 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.511392117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.511440039 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.511451006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.511493921 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.512193918 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.512242079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.512248993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.512289047 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.512996912 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513050079 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513062000 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513164997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513237000 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513777018 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513813972 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513819933 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.513859987 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.514606953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.514624119 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.514636993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.514678001 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.515345097 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.515394926 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.515400887 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.515444040 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516143084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516177893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516184092 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516218901 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516943932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516990900 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.516999006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517026901 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517750025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517762899 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517801046 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517884970 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.517946959 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.518553972 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.518610001 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.518623114 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.518651962 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.519309044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.519361973 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.519366026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.519373894 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.519416094 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.520051003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.570888042 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684459925 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684484005 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684567928 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684618950 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684648037 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684655905 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.684699059 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.685431004 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.685507059 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.685532093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.685539961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.704768896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.704777956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.704813957 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.705427885 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.705473900 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.705481052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.705482006 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.705513954 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.706284046 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.706391096 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.706398010 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.706439018 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707012892 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707061052 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707082987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707088947 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707134008 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707793951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707849979 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707864046 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.707911015 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.708626986 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.708667040 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.708714008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.708726883 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.708760023 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.709376097 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.709429979 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.709436893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.709481001 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710299969 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710345984 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710356951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710364103 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710407972 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.710952044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711014986 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711020947 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711060047 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711759090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711889982 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.711898088 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.758404016 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.876837015 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.876904964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.876912117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.876991034 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.877274036 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.877338886 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.877357960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.877365112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.877408981 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878051996 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878118038 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878123999 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878175020 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878732920 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878774881 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878776073 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878783941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.878827095 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.879487991 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.879538059 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.879544973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.879589081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.880284071 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.880346060 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.880352020 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.880388021 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881130934 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881138086 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881150007 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881187916 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881849051 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881891012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881896973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.881915092 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.900387049 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.900392056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.900424004 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901141882 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901191950 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901204109 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901228905 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901947975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901989937 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.901993036 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902005911 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902040958 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902714014 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902757883 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902770042 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.902791977 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.903501987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.903542995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.903552055 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.903563976 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.903599024 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.904259920 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:20.947266102 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.068839073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.068873882 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.068881989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.068974018 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069228888 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069273949 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069312096 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069367886 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069407940 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.069981098 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070039988 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070046902 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070085049 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070755959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070791960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070805073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070820093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.070888042 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.071540117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.071584940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.071599960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.071629047 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.072348118 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.072400093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.072438002 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.072451115 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.072494030 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073205948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073273897 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073286057 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073317051 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073913097 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073959112 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073964119 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.073976994 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.074018002 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.074723959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.074779987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.074831009 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.074882030 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.075567961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.075613022 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.075620890 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.075634956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.075670958 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.076339960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.076436996 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.076450109 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.076479912 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.077100992 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.077147961 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.077192068 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.077208042 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.077240944 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.095612049 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.095663071 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.095678091 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.095715046 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.096364975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.150290012 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.260652065 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.260715008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.260730028 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.260759115 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261034012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261080027 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261112928 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261471033 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261509895 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261511087 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.261991024 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262033939 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262048960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262062073 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262094975 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262804031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262851000 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262864113 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.262887001 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.263580084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.263608932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.263617992 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.263623953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.263659000 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.264354944 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.264385939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.264399052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.264422894 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265157938 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265201092 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265216112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265229940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265269995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.265969038 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266002893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266016960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266042948 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266735077 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266778946 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266778946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266796112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.266838074 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.267786980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.267854929 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.267869949 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.267900944 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.268311977 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.268352032 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.268382072 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.268395901 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.268429041 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269121885 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269161940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269175053 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269200087 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269916058 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269961119 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269961119 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.269975901 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.270009041 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.270724058 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.270788908 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.270803928 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.270828962 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.271543980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.271583080 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.271595001 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.271609068 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.271642923 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.272344112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.272394896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.456715107 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.456727982 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.456746101 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.456763983 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458076000 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458148956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458163023 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458210945 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458578110 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458620071 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458625078 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458641052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.458682060 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459008932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459053040 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459065914 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459094048 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459836006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459877014 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459887028 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459891081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.459930897 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.460608959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.460648060 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.460661888 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.460702896 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.461412907 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.461441040 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.461455107 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.461493969 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.461517096 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.462174892 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.462249994 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.462264061 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.462297916 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463035107 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463085890 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463102102 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463115931 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463159084 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463860035 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463890076 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463903904 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.463937998 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.464574099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.464610100 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.464622021 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.464624882 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.464663029 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.465337992 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.465378046 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.465390921 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.465423107 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466207981 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466221094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466232061 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466264009 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466274977 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466960907 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466973066 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.466984034 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467024088 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467722893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467744112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467765093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467780113 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.467823029 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.468559980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.468580961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.468645096 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.468650103 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.469301939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.469377041 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.469388962 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.469398975 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.469433069 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.470189095 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.652910948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.652950048 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.652959108 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.652962923 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.653007030 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.653654099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.653666973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.653681040 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.653702021 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.654416084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.654428959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.654442072 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.654464960 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.654489994 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.655284882 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.655328989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.655343056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.655375004 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656018972 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656065941 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656090021 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656102896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656136990 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656745911 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656814098 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656827927 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.656867981 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.657555103 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.657599926 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.657607079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.657624960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.657660961 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.658355951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.658376932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.658390045 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.658413887 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.659298897 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.659348011 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.659380913 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.659394026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.659440994 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660247087 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660309076 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660320997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660356045 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660721064 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660778046 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660779953 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660785913 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.660828114 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.661514044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.661591053 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.661603928 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.661637068 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.662286997 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.662331104 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.662343025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.662357092 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.662395954 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663113117 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663187027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663201094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663224936 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663896084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663939953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663947105 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663954973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.663995981 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.664690018 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.664769888 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.664783001 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.664809942 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.665456057 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.665507078 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.665694952 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.665776014 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.665790081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.847681046 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.847692966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.847722054 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.847745895 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.848481894 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.848494053 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.848505020 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.848525047 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849221945 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849231958 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849245071 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849256992 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849275112 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.849951982 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850024939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850038052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850063086 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850924015 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850953102 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850964069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850965977 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.850999117 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.851569891 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.851607084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.851622105 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.851648092 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.852334976 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.852360964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.852372885 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.852379084 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.852408886 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853156090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853225946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853277922 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853305101 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853929996 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853975058 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853982925 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.853996038 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.854023933 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.854734898 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.854773998 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.854785919 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.854809999 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.855606079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.855608940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.855612993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.855665922 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.856302977 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.856343031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.856354952 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.856378078 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857110023 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857152939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857161999 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857167006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857197046 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857913017 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857944012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857954979 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.857981920 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.858670950 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.858716965 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.858937025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.858993053 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859004974 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859030008 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859755993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859802008 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859821081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859833002 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.859880924 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.860553980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.860625029 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.860636950 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.860739946 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:21.861356974 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.054578066 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.054624081 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.055260897 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.055326939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.055335045 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.055377007 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056088924 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056138992 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056169033 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056179047 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056235075 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056871891 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056940079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056946993 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.056988955 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.057657957 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.057727098 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.057733059 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.057749987 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.057775974 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.058485031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.058608055 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.058615923 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.058664083 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.059329987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.059366941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.059380054 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.059422970 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060206890 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060271978 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060278893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060321093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060856104 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060884953 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060894012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060914993 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.060945988 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.061665058 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.061933994 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.061976910 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.061976910 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.061988115 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.062021017 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.062669992 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.062705994 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.062717915 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.062758923 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.063468933 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.063532114 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.063534975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.063544035 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.063586950 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.064270020 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.064301968 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.064308882 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.064357042 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.065077066 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.065119028 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.065128088 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.065129995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.065207005 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066109896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066170931 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066184998 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066226959 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066762924 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066831112 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066852093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066859961 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.066905022 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.067410946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.067435980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.067442894 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.067487001 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.068211079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.068279982 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.068286896 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.251190901 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.251225948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.251235008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.251271009 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.251954079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252167940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252175093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252221107 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252729893 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252805948 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252821922 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252835989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.252886057 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.253627062 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.253892899 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.253942013 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.253942966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254055977 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254134893 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254585028 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254658937 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254672050 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.254709005 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.255384922 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.255435944 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.255444050 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.255445004 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.255487919 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.256206989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.256340027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.256388903 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.256401062 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257112980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257158041 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257242918 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257256031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257299900 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257868052 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257920027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257926941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.257967949 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.258589983 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.258634090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.258641958 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.258645058 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.258671045 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.259387016 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.259408951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.259418011 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.259466887 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260165930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260214090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260221004 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260222912 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260272980 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.260931969 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261043072 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261055946 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261149883 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261729956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261779070 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261795998 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261802912 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.261845112 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.262569904 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.262614965 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.262622118 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.262665987 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.263331890 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.263385057 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.263417959 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.263426065 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.263465881 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.264071941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.305233955 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.429965973 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.430012941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.447947025 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.447988987 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448050022 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448056936 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448096037 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448868990 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448888063 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448899031 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.448940992 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.449579000 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.449645996 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.449652910 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.449692965 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.450431108 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.450455904 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.450464010 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.450479031 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.450508118 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.451185942 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.451253891 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.451265097 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.451309919 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452037096 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452043056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452055931 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452090025 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452784061 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452827930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452847958 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.452872992 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.453521013 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.453581095 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.453588009 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.453634024 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.454411983 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.454468012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.454473972 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.454516888 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455127001 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455177069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455183029 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455228090 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455940008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455975056 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.455981970 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.456017017 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.456695080 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.456753016 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.456759930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.456790924 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.457454920 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.508389950 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622029066 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622092009 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622106075 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622216940 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622339964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622399092 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622422934 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622450113 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.622467995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.623136044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.623197079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.623203039 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.623235941 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624002934 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624048948 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624056101 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624103069 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624695063 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624743938 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624751091 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.624794960 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.625544071 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.625586033 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.625662088 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.625675917 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664421082 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664436102 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664444923 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664447069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664450884 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664464951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664488077 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664499998 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664506912 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664513111 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664520025 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664532900 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664544106 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664614916 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664870977 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664879084 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664891005 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664896965 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664925098 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.664941072 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.665000916 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.711522102 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814008951 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814085007 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814093113 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814220905 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814327955 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814383984 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814471960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814510107 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814517021 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.814567089 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.815316916 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.815366983 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.815375090 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.815429926 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.816162109 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.816335917 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.816343069 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.816385031 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817203045 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817217112 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817230940 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817260027 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817296982 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817863941 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817871094 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817878008 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.817925930 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.818572044 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.818618059 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.818625927 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.818675041 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.819294930 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.819359064 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.819366932 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.819415092 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820012093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820065022 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820071936 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820086956 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820133924 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820794106 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820857048 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820864916 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.820915937 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.821599960 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.821645975 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.821654081 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.821657896 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.821688890 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.822386980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.822437048 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.822451115 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.822490931 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.823204041 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:22.823271990 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006309032 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006433964 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006479979 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006505966 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006519079 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.006561995 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.007224083 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.007277012 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.007289886 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.007342100 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008097887 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008142948 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008147955 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008161068 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008222103 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008919954 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008966923 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.008980989 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.009040117 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.009645939 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.009675026 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.009689093 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.009732962 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.010396957 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.010468006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.010479927 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.010514975 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011184931 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011240005 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011274099 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011291027 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011742115 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.011974096 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012023926 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012037992 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012077093 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012757063 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012799978 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012846947 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012859106 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.012901068 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.013643980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.013688087 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.013701916 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.013746023 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014328003 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014421940 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014441013 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014492989 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014733076 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.014776945 CET497072456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.134274006 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:23.134289980 CET245649707185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:40.506236076 CET49721443192.168.2.1094.245.104.56
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:40.506262064 CET4434972194.245.104.56192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:40.506597042 CET49721443192.168.2.1094.245.104.56
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:40.694062948 CET49721443192.168.2.1094.245.104.56
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:40.694084883 CET4434972194.245.104.56192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:41.355333090 CET49721443192.168.2.1094.245.104.56
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:41.399337053 CET4434972194.245.104.56192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:41.872867107 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:41.992672920 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:41.992774963 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:42.001708984 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:42.121164083 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:42.466501951 CET4434972194.245.104.56192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:42.466572046 CET49721443192.168.2.1094.245.104.56
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.302882910 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.302966118 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.303138018 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.312222958 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.431684971 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.742837906 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.755098104 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:43.874618053 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:44.186181068 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:44.190001965 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.043492079 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.162851095 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163045883 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163095951 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163126945 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163180113 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163197994 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163337946 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163347960 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163434029 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.163444042 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.282800913 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.602737904 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.602787971 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.602848053 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.603158951 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.603174925 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.730649948 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.774204969 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.742980957 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.803437948 CET49742443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.803476095 CET44349742162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.803530931 CET49742443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.803767920 CET49742443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.803780079 CET44349742162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.804066896 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.804111004 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.804162025 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.804311991 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.804325104 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.862517118 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.862582922 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.982124090 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.322696924 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.322801113 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.322818995 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.322859049 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.322930098 CET497262456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.442363977 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.442379951 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.442394018 CET245649726185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.548872948 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549335003 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549346924 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549734116 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549750090 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549802065 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549808025 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.549860954 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.550467014 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.552033901 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.552104950 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.552355051 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.552366972 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.602319956 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634159088 CET49744443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634213924 CET44349744162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634422064 CET49744443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634510994 CET49745443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634555101 CET44349745162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634643078 CET49745443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634695053 CET49744443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634711981 CET44349744162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634834051 CET49745443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:49.634845972 CET44349745162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.017118931 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.017455101 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.017467976 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.018488884 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.018562078 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.019177914 CET44349742162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.019639015 CET49742443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.019648075 CET44349742162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.020296097 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.020353079 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.020580053 CET49743443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.020586967 CET44349743162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.020745993 CET44349742162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.637696028 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.645189047 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.645246029 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.645256042 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.652544022 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.652614117 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.652615070 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.652626038 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.652684927 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.660191059 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.667732954 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.667784929 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.667795897 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.675235987 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.675299883 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.675307035 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.684994936 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.685038090 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.685137987 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.685146093 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.685602903 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.690346003 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.697807074 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.697869062 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.697875023 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.705261946 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.705322981 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.705328941 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.713268995 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.713356018 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.713376045 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.713382006 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.713484049 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.729296923 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.730690002 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.730730057 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.730761051 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.730767965 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.730811119 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.735516071 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.743088007 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.743134975 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.743180037 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.743185997 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.743218899 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.750435114 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.757637978 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.757692099 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.757699013 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.764662981 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.764750004 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.764771938 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.764780998 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.764812946 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.771606922 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.778872967 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.778919935 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.778944969 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.778954029 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.779011011 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.793908119 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.793977022 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.794102907 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.794109106 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.796983004 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.797024965 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.797030926 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.798048019 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.798095942 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.798101902 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.801883936 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.801944971 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.801950932 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.807051897 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.807173014 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.807179928 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.811084986 CET44349741172.217.17.65192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.811136961 CET49741443192.168.2.10172.217.17.65
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.854610920 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.854665995 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.862838984 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.864392042 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.864408970 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.864476919 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.869407892 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.869482994 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.869534969 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.874382973 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.874411106 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.874490023 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.962441921 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.962557077 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:57.962682962 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.034900904 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.034981966 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.035073042 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.038439989 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.038482904 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.038577080 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.045804977 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.045938015 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.046019077 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.052742958 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:58.102344990 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:00.473901033 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:00.692995071 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:00.693114042 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:00.813007116 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.168241978 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.168381929 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.168430090 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.168513060 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.173927069 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.173980951 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.175378084 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.175442934 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.175518036 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.178318024 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.178376913 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.178447008 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.183826923 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.183958054 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.184032917 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.187149048 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.192209959 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.192286015 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.192368031 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.195090055 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.195656061 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.199480057 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.199714899 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.199780941 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.202151060 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.205338955 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.205399036 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.205676079 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.207034111 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.207098961 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.207163095 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.210443974 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.210520983 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.210582972 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.213648081 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.213670015 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.213720083 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.216923952 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.216995955 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.217001915 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.222498894 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.223571062 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.223656893 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.223680973 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.223718882 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.229192972 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.230154991 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.484273911 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.484307051 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.552529097 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.552556038 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.552690029 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.553587914 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.553778887 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.553838015 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.555533886 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.559848070 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.559905052 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.559987068 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.560794115 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.560839891 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.560875893 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.562633038 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.562681913 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.563328028 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.563406944 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.563451052 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.565340996 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.565507889 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.565552950 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.567444086 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.568131924 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.568175077 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.568254948 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.570067883 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.570121050 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.570163012 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.572158098 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.572206974 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.572241068 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.574335098 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.574383974 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.574419022 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.576143026 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.576190948 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.576251984 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.577626944 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.577677011 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.577711105 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.579643965 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.579694033 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.579742908 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.581842899 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.581904888 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.582009077 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.583825111 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.583875895 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.583899021 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.585710049 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.585751057 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.585760117 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.587245941 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.587299109 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.587347031 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.589240074 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.589288950 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.589330912 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.591218948 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.591263056 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.591300964 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.593257904 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.593312025 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.593391895 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.595252991 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.595268011 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.595297098 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.597279072 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.597321987 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.695739985 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.815176010 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.815239906 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:01.934824944 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.271585941 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.271668911 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.321841955 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.321914911 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.323198080 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.323287964 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.323334932 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.324856043 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.324887037 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.324965000 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.326464891 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.326549053 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.326648951 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.328035116 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.328098059 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.328166008 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.329694986 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.329823017 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.330059052 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.331243038 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.331373930 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.331423998 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.331533909 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.332848072 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.332899094 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.332998991 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.334464073 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.334573984 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.334639072 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.336096048 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.336210966 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.336283922 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.337682009 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.337802887 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.337848902 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.339281082 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.339359999 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.339410067 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.340881109 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.340996981 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.341046095 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.342509031 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.342601061 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.342638016 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.344141960 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.344259024 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.344295025 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.345747948 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.345848083 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.345891953 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.347382069 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.347434998 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.347495079 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.348934889 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.349051952 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.349124908 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.350583076 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.350649118 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.350759029 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.352250099 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.352360010 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.352405071 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.353792906 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.353820086 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.353951931 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.354031086 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.354055882 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.355381966 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.355523109 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.355576038 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.357019901 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.357075930 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.357201099 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464009047 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464132071 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464217901 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464626074 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464700937 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:02.464755058 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.412964106 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.413032055 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.413085938 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.414164066 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.414233923 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.414251089 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.415580034 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.415776014 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.415827990 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.416734934 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.416804075 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.416842937 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.418013096 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.418167114 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.418227911 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.419287920 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.419369936 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.419398069 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.421581984 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.421737909 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.421792030 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.421976089 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.421988964 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.422019005 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.423156977 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.423238039 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.423460007 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.424312115 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.424669027 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.424685001 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.425586939 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.425637007 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.425682068 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.426836014 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.426940918 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.426985979 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.428093910 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.428139925 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.428204060 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.429387093 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.429528952 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.429574013 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.430721045 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.430766106 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.430855036 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.431886911 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.431930065 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.431960106 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.477319956 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.761485100 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.881056070 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:03.881133080 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.000689983 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.337131977 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.337241888 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.337404966 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.337454081 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.338627100 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.338675022 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.338923931 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.339008093 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.339056969 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.339735985 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.339951038 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.339996099 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.340066910 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.341218948 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.341267109 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.341439009 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.341567039 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.341608047 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.342693090 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.342964888 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.343009949 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.343070984 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.344223022 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.344268084 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.386384010 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.386424065 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.386547089 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.387432098 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.387444019 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.387655020 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.388794899 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.388808012 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.388926983 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.389895916 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.389939070 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.389981031 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.392659903 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.392704010 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.392823935 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.392968893 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.392986059 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.393004894 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.393918991 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.393932104 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.393965006 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.394992113 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.395035028 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.395296097 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.396317005 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.396361113 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.396651983 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.397650957 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.397663116 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.397701025 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.398963928 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.399039984 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.399080038 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.400202036 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.400250912 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.400371075 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.401417971 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.401527882 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.401577950 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.402585983 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.402647018 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.402765989 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.403852940 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.404150009 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.404211998 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.529777050 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.529793978 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.529864073 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.530390978 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.530404091 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.530456066 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.531526089 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.531538963 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.531590939 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.533880949 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534039021 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534156084 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534338951 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534352064 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534399986 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.534415007 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.536456108 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.536473989 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.536535025 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.537215948 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.537265062 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.537395000 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.537558079 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.537659883 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.538355112 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.538506031 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.538666964 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.539469957 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.539618969 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.539832115 CET497482456192.168.2.10185.147.124.244
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.540478945 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:04.540617943 CET245649748185.147.124.244192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.873848915 CET44349747162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.873922110 CET44349747162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.874134064 CET49747443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.874610901 CET44349746162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.874844074 CET44349746162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:06.875293016 CET49746443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.284351110 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.284420013 CET49755443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.289572001 CET49755443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.289583921 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.289987087 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.291518927 CET49755443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:07.339333057 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.932454109 CET49746443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.932488918 CET44349746162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.932559013 CET49747443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.932589054 CET44349747162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654330969 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654377937 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654442072 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654674053 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654714108 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654779911 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654989004 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.655003071 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.655090094 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.655108929 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.074883938 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.074956894 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.075016975 CET49755443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.075100899 CET49755443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.075120926 CET4434975592.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912072897 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912416935 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912739992 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912760973 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912858963 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.912873983 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.913104057 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.913403988 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.913497925 CET44349773162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.913954973 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.914014101 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.914251089 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.914319038 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.957540035 CET49773443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.960783005 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.960812092 CET44349772162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.008583069 CET49772443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.087198973 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.087241888 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.087327957 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.087444067 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:13.087456942 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.580157995 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.580277920 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.584779978 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.584791899 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.585050106 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.585951090 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:14.627363920 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:19.346843004 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:19.346965075 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:19.347012043 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:19.347084045 CET49781443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:19.347105026 CET4434978192.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:20.337286949 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:20.337331057 CET4434979792.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:20.337413073 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:20.337544918 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:20.337558985 CET4434979792.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.856343031 CET4434979792.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.856427908 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.861116886 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.861128092 CET4434979792.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.861362934 CET4434979792.255.85.148192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.862505913 CET49797443192.168.2.1092.255.85.148
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:21.903322935 CET4434979792.255.85.148192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:25.406675100 CET53639801.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:25.751995087 CET53603591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.334840059 CET53623251.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.340267897 CET6232553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.340307951 CET5080253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.340344906 CET5602453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.487150908 CET53623251.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.812988997 CET53508021.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:26.813026905 CET53508021.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.019150019 CET53560241.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.019174099 CET53560241.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020025015 CET63981123192.168.2.10129.6.15.28
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020054102 CET63981123192.168.2.10169.229.128.134
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020107985 CET63981123192.168.2.10162.159.200.123
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020165920 CET63981123192.168.2.10129.134.25.123
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020179033 CET63981123192.168.2.1062.149.0.30
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020215988 CET63981123192.168.2.10216.239.35.4
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:27.020267010 CET63981123192.168.2.10133.243.238.243
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.231209040 CET12363981129.6.15.28192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.241393089 CET12363981162.159.200.123192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.248225927 CET12363981129.134.25.123192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.253748894 CET12363981216.239.35.4192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.273910046 CET12363981169.229.128.134192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.279933929 CET1236398162.149.0.30192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:28.352705002 CET12363981133.243.238.243192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:33.839133024 CET53606431.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:34.090019941 CET53535451.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.426168919 CET5477453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.426356077 CET6055953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.563188076 CET53547741.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:47.646295071 CET53605591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.665601969 CET6495353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.665782928 CET6279453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.666059017 CET6354453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.666209936 CET6387953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.802540064 CET53649531.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.802660942 CET53627941.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.802716017 CET53635441.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:48.802970886 CET53638791.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:50.850671053 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.165112972 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.774451971 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.989826918 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.989938021 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.989999056 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.990010977 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.991303921 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:51.992736101 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.008692026 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.088834047 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.307348967 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.307394028 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.307406902 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.307728052 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.307933092 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.308131933 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.323046923 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.622415066 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:55:52.650193930 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.933898926 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:08.934355021 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:09.249274969 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:09.250679970 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:09.250890017 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:09.251386881 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.652605057 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.653074026 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.654078007 CET65231443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.962105989 CET65231443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.968539953 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.969944000 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.970035076 CET44360800162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:11.972534895 CET60800443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.571367025 CET65231443192.168.2.10162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.818285942 CET44365231162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.818310976 CET44365231162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.818324089 CET44365231162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.818339109 CET44365231162.159.61.3192.168.2.10
                                                                                                                                                                                                                                                                                                Dec 18, 2024 14:56:12.820373058 CET65231443192.168.2.10162.159.61.3
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 18, 2024 14:55:26.487281084 CET | 192.168.2.10 | 1.1.1.1 | c201 | (Port unreachable) | Destination Unreachable
Dec 18, 2024 14:55:47.646369934 CET | 192.168.2.10 | 1.1.1.1 | c250 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 14:54:51.217880011 CET | 192.168.2.10 | 1.1.1.1 | 0xe967 | Standard query (0) | saUAIEVgZoURlhJFQUK.saUAIEVgZoURlhJFQUK | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.263880014 CET | 192.168.2.10 | 1.1.1.1 | 0x4998 | Standard query (0) | ntp.nict.jp | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.264339924 CET | 192.168.2.10 | 1.1.1.1 | 0xcdfe | Standard query (0) | ts1.aco.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.265245914 CET | 192.168.2.10 | 1.1.1.1 | 0x39d | Standard query (0) | time.google.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.266581059 CET | 192.168.2.10 | 1.1.1.1 | 0x7a3f | Standard query (0) | ntp.time.in.ua | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.266923904 CET | 192.168.2.10 | 1.1.1.1 | 0xaac7 | Standard query (0) | time.facebook.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.267967939 CET | 192.168.2.10 | 1.1.1.1 | 0x3af3 | Standard query (0) | time.cloudflare.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.269145012 CET | 192.168.2.10 | 1.1.1.1 | 0x33fa | Standard query (0) | ntp1.net.berkeley.edu | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.269511938 CET | 192.168.2.10 | 1.1.1.1 | 0xb49e | Standard query (0) | time-a-g.nist.gov | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.340267897 CET | 192.168.2.10 | 1.1.1.1 | 0x33fa | Standard query (0) | ntp1.net.berkeley.edu | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.340307951 CET | 192.168.2.10 | 1.1.1.1 | 0x7a3f | Standard query (0) | ntp.time.in.ua | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.340344906 CET | 192.168.2.10 | 1.1.1.1 | 0xcdfe | Standard query (0) | ts1.aco.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:47.426168919 CET | 192.168.2.10 | 1.1.1.1 | 0xe2f4 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:47.426356077 CET | 192.168.2.10 | 1.1.1.1 | 0xb6a4 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:48.665601969 CET | 192.168.2.10 | 1.1.1.1 | 0x5385 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.665782928 CET | 192.168.2.10 | 1.1.1.1 | 0xca00 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:48.666059017 CET | 192.168.2.10 | 1.1.1.1 | 0x3170 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.666209936 CET | 192.168.2.10 | 1.1.1.1 | 0xa1ae | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 14:54:51.435046911 CET | 1.1.1.1 | 192.168.2.10 | 0xe967 | Name error (3) | saUAIEVgZoURlhJFQUK.saUAIEVgZoURlhJFQUK | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.404635906 CET | 1.1.1.1 | 192.168.2.10 | 0x39d | No error (0) | time.google.com | | 216.239.35.4 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.404635906 CET | 1.1.1.1 | 192.168.2.10 | 0x39d | No error (0) | time.google.com | | 216.239.35.8 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.404635906 CET | 1.1.1.1 | 192.168.2.10 | 0x39d | No error (0) | time.google.com | | 216.239.35.0 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.404635906 CET | 1.1.1.1 | 192.168.2.10 | 0x39d | No error (0) | time.google.com | | 216.239.35.12 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.405039072 CET | 1.1.1.1 | 192.168.2.10 | 0x3af3 | No error (0) | time.cloudflare.com | | 162.159.200.123 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.405039072 CET | 1.1.1.1 | 192.168.2.10 | 0x3af3 | No error (0) | time.cloudflare.com | | 162.159.200.1 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.405920982 CET | 1.1.1.1 | 192.168.2.10 | 0xaac7 | No error (0) | time.facebook.com | | 129.134.25.123 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.406675100 CET | 1.1.1.1 | 192.168.2.10 | 0xb49e | No error (0) | time-a-g.nist.gov | | 129.6.15.28 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.751995087 CET | 1.1.1.1 | 192.168.2.10 | 0x4998 | No error (0) | ntp.nict.jp | | 133.243.238.243 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.751995087 CET | 1.1.1.1 | 192.168.2.10 | 0x4998 | No error (0) | ntp.nict.jp | | 133.243.238.244 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.751995087 CET | 1.1.1.1 | 192.168.2.10 | 0x4998 | No error (0) | ntp.nict.jp | | 133.243.238.164 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.751995087 CET | 1.1.1.1 | 192.168.2.10 | 0x4998 | No error (0) | ntp.nict.jp | | 133.243.238.163 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:25.751995087 CET | 1.1.1.1 | 192.168.2.10 | 0x4998 | No error (0) | ntp.nict.jp | | 61.205.120.130 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.334840059 CET | 1.1.1.1 | 192.168.2.10 | 0x33fa | No error (0) | ntp1.net.berkeley.edu | | 169.229.128.134 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.487150908 CET | 1.1.1.1 | 192.168.2.10 | 0x33fa | No error (0) | ntp1.net.berkeley.edu | | 169.229.128.134 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.812988997 CET | 1.1.1.1 | 192.168.2.10 | 0x7a3f | No error (0) | ntp.time.in.ua | | 62.149.0.30 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:26.813026905 CET | 1.1.1.1 | 192.168.2.10 | 0x7a3f | No error (0) | ntp.time.in.ua | | 62.149.0.30 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:27.019150019 CET | 1.1.1.1 | 192.168.2.10 | 0xcdfe | Server failure (2) | ts1.aco.net | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:27.019174099 CET | 1.1.1.1 | 192.168.2.10 | 0xcdfe | Server failure (2) | ts1.aco.net | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.472345114 CET | 1.1.1.1 | 192.168.2.10 | 0x3a06 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:40.472345114 CET | 1.1.1.1 | 192.168.2.10 | 0x3a06 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.474205017 CET | 1.1.1.1 | 192.168.2.10 | 0x134d | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:47.563188076 CET | 1.1.1.1 | 192.168.2.10 | 0xe2f4 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:47.563188076 CET | 1.1.1.1 | 192.168.2.10 | 0xe2f4 | No error (0) | googlehosted.l.googleusercontent.com | | 172.217.17.65 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:47.646295071 CET | 1.1.1.1 | 192.168.2.10 | 0xb6a4 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:48.802540064 CET | 1.1.1.1 | 192.168.2.10 | 0x5385 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.802540064 CET | 1.1.1.1 | 192.168.2.10 | 0x5385 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.802660942 CET | 1.1.1.1 | 192.168.2.10 | 0xca00 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:48.802716017 CET | 1.1.1.1 | 192.168.2.10 | 0x3170 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.802716017 CET | 1.1.1.1 | 192.168.2.10 | 0x3170 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:48.802970886 CET | 1.1.1.1 | 192.168.2.10 | 0xa1ae | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
• clients2.googleusercontent.com
• chrome.cloudflare-dns.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49741 | 172.217.17.65 | 443 | 6700 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:55:49 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-18 13:55:50 UTC | 562 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC7Wp0_qmiHPrlwjr02gMprMIqXGA2DRBwe1UsIGXWfQQZWyqRscU0kaHdksSMtvk-U
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Tue, 17 Dec 2024 15:58:14 GMT
Expires: Wed, 17 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 79055
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49743 | 162.159.61.3 | 443 | 6700 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:55:50 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                2024-12-18 13:55:50 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
2024-12-18 13:55:50 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Wed, 18 Dec 2024 13:55:50 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f3fa71f5aab8c71-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID:2
Source IP:192.168.2.10
Source Port:49742
Destination IP:162.159.61.3
Destination Port:443
PID:6700
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp:2024-12-18 13:55:50 UTC
Bytes transferred:245
Direction:OUT
Data:
POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
Timestamp:2024-12-18 13:55:50 UTC
Bytes transferred:247
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                Date: Wed, 18 Dec 2024 13:55:50 GMT
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                CF-RAY: 8f3fa71f58c94238-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID:3
Source IP:192.168.2.10
Source Port:49744
Destination IP:162.159.61.3
Destination Port:443
PID:6700
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp:2024-12-18 13:55:50 UTC
Bytes transferred:245
Direction:OUT
Data:
POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message


Session ID:4
Source IP:192.168.2.10
Source Port:49745
Destination IP:162.159.61.3
Destination Port:443
PID:6700
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp:2024-12-18 13:55:50 UTC
Bytes transferred:245
Direction:OUT
Data:
POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message



                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                Start time:08:54:45
                                                                                                                                                                                                                                                                                                Start date:18/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\H3G7Xu6gih.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\H3G7Xu6gih.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                File size:1'314'244 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:F7CDD37705BD314230AC86F43756D0BA
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                Start time:08:54:47
                                                                                                                                                                                                                                                                                                Start date:18/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c copy Keith Keith.cmd & Keith.cmd
Imagebase:0xd70000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:08:54:47
Start date:18/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:08:54:48
Start date:18/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x670000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:08:54:48
Start date:18/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "wrsa opssvc"
Imagebase:0x240000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:08:54:49
Start date:18/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x670000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:08:54:49
Start date:18/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x240000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:08:54:49
Start date:18/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 378864
Imagebase:0xd70000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:08:54:49
Start date:18/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "TRIBUTEBOOTYSTANTIQUE" Flexible
Imagebase:0x240000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:08:54:49
Start date:18/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Shuttle + ..\Worcester + ..\Reservation + ..\Signed + ..\Vulnerability + ..\Choices + ..\Schemes + ..\Chambers + ..\Denied + ..\Elite + ..\Acute + ..\Vegas k
Imagebase:0xd70000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:08:54:49
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\378864\Senegal.com
Wow64 process (32bit):false
Commandline:Senegal.com k
Imagebase:0x7ff7a98d0000
File size:1'065'128 bytes
MD5 hash:C63860691927D62432750013B5A20F5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:12
Start time:08:54:50
Start date:18/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xc50000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:08:55:06
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\378864\Senegal.com
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\378864\Senegal.com
Imagebase:0x7ff7a98d0000
File size:1'065'128 bytes
MD5 hash:C63860691927D62432750013B5A20F5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1784249981.0000012FEBC90000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1784038389.0000012FEB9B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1781088392.0000012FE9830000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:15
Start time:08:55:13
Start date:18/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0x7ff7df220000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000002.2347547624.000001B9B80D1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000003.1785387835.000001B9B7DC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.1787013905.000001B9BA2B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:18
Start time:08:55:14
Start date:18/12/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 6636 -s 388
Imagebase:0x7ff6b8830000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:08:55:31
Start date:18/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDACB.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/0e638796"
Imagebase:0x7ff6c5c30000
File size:3'242'272 bytes
MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:08:55:31
Start date:18/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2464,i,13374122703078418227,12941019929356624603,262144 /prefetch:8
Imagebase:0x7ff6c5c30000
File size:3'242'272 bytes
MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:08:55:33
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE403.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0e2335e/706c4b13"
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:08:55:36
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2076,i,5654214914569554567,17615992490036204996,262144 /prefetch:3
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:08:55:37
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/d0e2335e/706c4b13
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:08:55:38
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:3
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:08:55:41
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4356 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:08:55:41
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2824 --field-trial-handle=2056,i,7590019161043297527,6237522676600960806,262144 /prefetch:8
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:08:55:41
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:33
Start time:08:55:42
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3088 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:3
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:08:55:42
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3964 --field-trial-handle=2092,i,4304674964838739727,2531971506768107170,262144 /prefetch:8
Imagebase:0x7ff6a9290000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:08:55:57
Start date:18/12/2024
Path:C:\Program Files\Windows Media Player\wmprph.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Windows Media Player\wmprph.exe"
Imagebase:0x7ff6c5910000
File size:86'528 bytes
MD5 hash:B4298167D12E6AC4618518E0B6326802
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:38
Start time:08:56:03
Start date:18/12/2024
Path:C:\Windows\System32\dllhost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\dllhost.exe"
Imagebase:0x7ff6f7fc0000
File size:21'312 bytes
MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:18.2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21.4%
Total number of Nodes:1474
Total number of Limit Nodes:33
4600->4601 4609 401c69 4610 40145c 18 API calls 4609->4610 4611 401c70 4610->4611 4612 4062a3 11 API calls 4611->4612 4613 401c80 4612->4613 4614 405ca0 MessageBoxIndirectW 4613->4614 4615 401a13 4614->4615 4623 402f6e 4624 402f72 4623->4624 4625 402fae 4623->4625 4626 4062a3 11 API calls 4624->4626 4627 40145c 18 API calls 4625->4627 4628 402f7d 4626->4628 4633 402f9d 4627->4633 4629 4062a3 11 API calls 4628->4629 4630 402f90 4629->4630 4631 402fa2 4630->4631 4632 402f98 4630->4632 4635 4060e7 9 API calls 4631->4635 4634 403e74 5 API calls 4632->4634 4634->4633 4635->4633 4636 4023f0 4637 402403 4636->4637 4651 4024da 4636->4651 4638 40145c 18 API calls 4637->4638 4640 40240a 4638->4640 4639 404f72 25 API calls 4645 4024f1 4639->4645 4641 40145c 18 API calls 4640->4641 4642 402413 4641->4642 4643 402429 LoadLibraryExW 4642->4643 4644 40241b GetModuleHandleW 4642->4644 4646 40243e 4643->4646 4647 4024ce 4643->4647 4644->4643 4644->4646 4660 406365 GlobalAlloc WideCharToMultiByte 4646->4660 4649 404f72 25 API calls 4647->4649 4649->4651 4650 402449 4652 40248c 4650->4652 4653 40244f 4650->4653 4651->4639 4654 404f72 25 API calls 4652->4654 4658 40245f 4653->4658 4663 401435 4653->4663 4656 402496 4654->4656 4657 4062a3 11 API calls 4656->4657 4657->4658 4658->4645 4659 4024c0 FreeLibrary 4658->4659 4659->4645 4661 406390 GetProcAddress 4660->4661 4662 40639d GlobalFree 4660->4662 4661->4662 4662->4650 4664 404f72 25 API calls 4663->4664 4665 401443 4664->4665 4665->4658 4666 402df3 4667 4019ec 4666->4667 4668 402dfa 4666->4668 4669 402e07 FindNextFileW 4668->4669 4669->4667 4670 402e16 4669->4670 4672 406009 lstrcpynW 4670->4672 4672->4667 4004 402175 4005 401446 18 API calls 4004->4005 4006 40217c 4005->4006 4007 401446 18 API calls 4006->4007 4008 402186 4007->4008 4009 402197 4008->4009 4010 4062a3 11 API calls 4008->4010 4011 4021aa EnableWindow 4009->4011 4012 40219f ShowWindow 4009->4012 4010->4009 4013 4030e3 4011->4013 4012->4013 4680 404077 4681 404081 
4680->4681 4682 404084 lstrcpynW lstrlenW 4680->4682 4681->4682 4030 405479 4031 405491 4030->4031 4032 4055cd 4030->4032 4031->4032 4033 40549d 4031->4033 4034 40561e 4032->4034 4035 4055de GetDlgItem GetDlgItem 4032->4035 4036 4054a8 SetWindowPos 4033->4036 4037 4054bb 4033->4037 4039 405678 4034->4039 4048 40139d 80 API calls 4034->4048 4038 403d3f 19 API calls 4035->4038 4036->4037 4041 4054c0 ShowWindow 4037->4041 4042 4054d8 4037->4042 4043 405608 SetClassLongW 4038->4043 4040 403daf SendMessageW 4039->4040 4044 4055c8 4039->4044 4070 40568a 4040->4070 4041->4042 4045 4054e0 DestroyWindow 4042->4045 4046 4054fa 4042->4046 4047 40141d 80 API calls 4043->4047 4049 4058dc 4045->4049 4050 405510 4046->4050 4051 4054ff SetWindowLongW 4046->4051 4047->4034 4052 405650 4048->4052 4049->4044 4059 40590d ShowWindow 4049->4059 4055 4055b9 4050->4055 4056 40551c GetDlgItem 4050->4056 4051->4044 4052->4039 4057 405654 SendMessageW 4052->4057 4053 40141d 80 API calls 4053->4070 4054 4058de DestroyWindow KiUserCallbackDispatcher 4054->4049 4109 403dca 4055->4109 4060 40554c 4056->4060 4061 40552f SendMessageW IsWindowEnabled 4056->4061 4057->4044 4059->4044 4063 405559 4060->4063 4064 4055a0 SendMessageW 4060->4064 4065 40556c 4060->4065 4074 405551 4060->4074 4061->4044 4061->4060 4062 406805 18 API calls 4062->4070 4063->4064 4063->4074 4064->4055 4067 405574 4065->4067 4068 405589 4065->4068 4071 40141d 80 API calls 4067->4071 4072 40141d 80 API calls 4068->4072 4069 405587 4069->4055 4070->4044 4070->4053 4070->4054 4070->4062 4073 403d3f 19 API calls 4070->4073 4091 40581e DestroyWindow 4070->4091 4100 403d3f 4070->4100 4071->4074 4075 405590 4072->4075 4073->4070 4106 403d18 4074->4106 4075->4055 4075->4074 4077 405705 GetDlgItem 4078 405723 ShowWindow KiUserCallbackDispatcher 4077->4078 4079 40571a 4077->4079 4103 403d85 KiUserCallbackDispatcher 4078->4103 4079->4078 4081 40574d EnableWindow 4084 405761 4081->4084 4082 405766 GetSystemMenu EnableMenuItem 
SendMessageW 4083 405796 SendMessageW 4082->4083 4082->4084 4083->4084 4084->4082 4104 403d98 SendMessageW 4084->4104 4105 406009 lstrcpynW 4084->4105 4087 4057c4 lstrlenW 4088 406805 18 API calls 4087->4088 4089 4057da SetWindowTextW 4088->4089 4090 40139d 80 API calls 4089->4090 4090->4070 4091->4049 4092 405838 CreateDialogParamW 4091->4092 4092->4049 4093 40586b 4092->4093 4094 403d3f 19 API calls 4093->4094 4095 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4094->4095 4096 40139d 80 API calls 4095->4096 4097 4058bc 4096->4097 4097->4044 4098 4058c4 ShowWindow 4097->4098 4099 403daf SendMessageW 4098->4099 4099->4049 4101 406805 18 API calls 4100->4101 4102 403d4a SetDlgItemTextW 4101->4102 4102->4077 4103->4081 4104->4084 4105->4087 4107 403d25 SendMessageW 4106->4107 4108 403d1f 4106->4108 4107->4069 4108->4107 4110 403ddf GetWindowLongW 4109->4110 4120 403e68 4109->4120 4111 403df0 4110->4111 4110->4120 4112 403e02 4111->4112 4113 403dff GetSysColor 4111->4113 4114 403e12 SetBkMode 4112->4114 4115 403e08 SetTextColor 4112->4115 4113->4112 4116 403e30 4114->4116 4117 403e2a GetSysColor 4114->4117 4115->4114 4118 403e41 4116->4118 4119 403e37 SetBkColor 4116->4119 4117->4116 4118->4120 4121 403e54 DeleteObject 4118->4121 4122 403e5b CreateBrushIndirect 4118->4122 4119->4118 4120->4044 4121->4122 4122->4120 4683 4020f9 GetDC GetDeviceCaps 4684 401446 18 API calls 4683->4684 4685 402116 MulDiv 4684->4685 4686 401446 18 API calls 4685->4686 4687 40212c 4686->4687 4688 406805 18 API calls 4687->4688 4689 402165 CreateFontIndirectW 4688->4689 4690 4030dc 4689->4690 4691 4030e3 4690->4691 4693 405f51 wsprintfW 4690->4693 4693->4691 4694 4024fb 4695 40145c 18 API calls 4694->4695 4696 402502 4695->4696 4697 40145c 18 API calls 4696->4697 4698 40250c 4697->4698 4699 40145c 18 API calls 4698->4699 4700 402515 4699->4700 4701 40145c 18 API calls 4700->4701 4702 40251f 4701->4702 4703 40145c 18 API calls 4702->4703 4704 402529 4703->4704 4705 40253d 
4704->4705 4706 40145c 18 API calls 4704->4706 4707 4062a3 11 API calls 4705->4707 4706->4705 4708 40256a CoCreateInstance 4707->4708 4709 40258c 4708->4709 4710 40497c GetDlgItem GetDlgItem 4711 4049d2 7 API calls 4710->4711 4721 404bea 4710->4721 4712 404a76 DeleteObject 4711->4712 4713 404a6a SendMessageW 4711->4713 4714 404a81 4712->4714 4713->4712 4716 404ab8 4714->4716 4718 406805 18 API calls 4714->4718 4715 404ccf 4717 404d74 4715->4717 4723 404bdd 4715->4723 4728 404d1e SendMessageW 4715->4728 4722 403d3f 19 API calls 4716->4722 4719 404d89 4717->4719 4720 404d7d SendMessageW 4717->4720 4725 404a9a SendMessageW SendMessageW 4718->4725 4730 404da2 4719->4730 4731 404d9b ImageList_Destroy 4719->4731 4739 404db2 4719->4739 4720->4719 4721->4715 4726 40484e 5 API calls 4721->4726 4742 404c5a 4721->4742 4727 404acc 4722->4727 4729 403dca 8 API calls 4723->4729 4724 404cc1 SendMessageW 4724->4715 4725->4714 4726->4742 4732 403d3f 19 API calls 4727->4732 4728->4723 4734 404d33 SendMessageW 4728->4734 4735 404f6b 4729->4735 4736 404dab GlobalFree 4730->4736 4730->4739 4731->4730 4745 404add 4732->4745 4733 404f1c 4733->4723 4740 404f31 ShowWindow GetDlgItem ShowWindow 4733->4740 4737 404d46 4734->4737 4736->4739 4747 404d57 SendMessageW 4737->4747 4738 404baa GetWindowLongW SetWindowLongW 4741 404bc4 4738->4741 4739->4733 4746 40141d 80 API calls 4739->4746 4757 404de4 4739->4757 4740->4723 4743 404be2 4741->4743 4744 404bca ShowWindow 4741->4744 4742->4715 4742->4724 4762 403d98 SendMessageW 4743->4762 4761 403d98 SendMessageW 4744->4761 4745->4738 4748 404ba4 4745->4748 4751 404b39 SendMessageW 4745->4751 4752 404b67 SendMessageW 4745->4752 4753 404b7b SendMessageW 4745->4753 4746->4757 4747->4717 4748->4738 4748->4741 4751->4745 4752->4745 4753->4745 4754 404ef3 InvalidateRect 4754->4733 4755 404f09 4754->4755 4763 4043ad 4755->4763 4756 404e12 SendMessageW 4760 404e28 4756->4760 4757->4756 4757->4760 4759 404ea1 SendMessageW SendMessageW 4759->4760 4760->4754 
4760->4759 4761->4723 4762->4721 4764 4043cd 4763->4764 4765 406805 18 API calls 4764->4765 4766 40440d 4765->4766 4767 406805 18 API calls 4766->4767 4768 404418 4767->4768 4769 406805 18 API calls 4768->4769 4770 404428 lstrlenW wsprintfW SetDlgItemTextW 4769->4770 4770->4733 4771 4026fc 4773 401ee4 4771->4773 4774 402708 4771->4774 4772 406805 18 API calls 4772->4773 4773->4771 4773->4772 4202 4019fd 4203 40145c 18 API calls 4202->4203 4204 401a04 4203->4204 4205 405e7f 2 API calls 4204->4205 4206 401a0b 4205->4206 4775 4022fd 4776 40145c 18 API calls 4775->4776 4777 402304 GetFileVersionInfoSizeW 4776->4777 4778 4030e3 4777->4778 4779 40232b GlobalAlloc 4777->4779 4779->4778 4780 40233f GetFileVersionInfoW 4779->4780 4781 402350 VerQueryValueW 4780->4781 4782 402381 GlobalFree 4780->4782 4781->4782 4783 402369 4781->4783 4782->4778 4788 405f51 wsprintfW 4783->4788 4786 402375 4789 405f51 wsprintfW 4786->4789 4788->4786 4789->4782 4790 402afd 4791 40145c 18 API calls 4790->4791 4792 402b04 4791->4792 4797 405e50 GetFileAttributesW CreateFileW 4792->4797 4794 402b10 4795 4030e3 4794->4795 4798 405f51 wsprintfW 4794->4798 4797->4794 4798->4795 4799 4029ff 4800 401553 19 API calls 4799->4800 4801 402a09 4800->4801 4802 40145c 18 API calls 4801->4802 4803 402a12 4802->4803 4804 402a1f RegQueryValueExW 4803->4804 4809 401a13 4803->4809 4805 402a45 4804->4805 4806 402a3f 4804->4806 4807 4029e4 RegCloseKey 4805->4807 4805->4809 4806->4805 4810 405f51 wsprintfW 4806->4810 4807->4809 4810->4805 4811 401000 4812 401037 BeginPaint GetClientRect 4811->4812 4813 40100c DefWindowProcW 4811->4813 4815 4010fc 4812->4815 4816 401182 4813->4816 4817 401073 CreateBrushIndirect FillRect DeleteObject 4815->4817 4818 401105 4815->4818 4817->4815 4819 401170 EndPaint 4818->4819 4820 40110b CreateFontIndirectW 4818->4820 4819->4816 4820->4819 4821 40111b 6 API calls 4820->4821 4821->4819 4822 401f80 4823 401446 18 API calls 4822->4823 4824 401f88 4823->4824 4825 401446 18 API calls 
4824->4825 4826 401f93 4825->4826 4827 401fa3 4826->4827 4828 40145c 18 API calls 4826->4828 4829 401fb3 4827->4829 4830 40145c 18 API calls 4827->4830 4828->4827 4831 402006 4829->4831 4832 401fbc 4829->4832 4830->4829 4833 40145c 18 API calls 4831->4833 4834 401446 18 API calls 4832->4834 4835 40200d 4833->4835 4836 401fc4 4834->4836 4838 40145c 18 API calls 4835->4838 4837 401446 18 API calls 4836->4837 4839 401fce 4837->4839 4840 402016 FindWindowExW 4838->4840 4841 401ff6 SendMessageW 4839->4841 4842 401fd8 SendMessageTimeoutW 4839->4842 4843 402036 4840->4843 4841->4843 4842->4843 4844 4030e3 4843->4844 4846 405f51 wsprintfW 4843->4846 4846->4844 4847 402082 4848 401446 18 API calls 4847->4848 4849 402093 SetWindowLongW 4848->4849 4850 4030e3 4849->4850 3389 403883 #17 SetErrorMode OleInitialize 3463 4062fc GetModuleHandleA 3389->3463 3393 4038f1 GetCommandLineW 3468 406009 lstrcpynW 3393->3468 3395 403903 GetModuleHandleW 3396 40391b 3395->3396 3469 405d06 3396->3469 3399 4039d6 3400 4039f5 GetTempPathW 3399->3400 3473 4037cc 3400->3473 3402 403a0b 3403 403a33 DeleteFileW 3402->3403 3404 403a0f GetWindowsDirectoryW lstrcatW 3402->3404 3481 403587 GetTickCount GetModuleFileNameW 3403->3481 3406 4037cc 11 API calls 3404->3406 3405 405d06 CharNextW 3408 40393c 3405->3408 3409 403a2b 3406->3409 3408->3399 3408->3405 3419 4039d8 3408->3419 3409->3403 3411 403acc 3409->3411 3410 403a47 3410->3411 3413 403ab1 3410->3413 3415 405d06 CharNextW 3410->3415 3566 403859 3411->3566 3509 40592c 3413->3509 3429 403a5e 3415->3429 3417 403ae1 3573 405ca0 3417->3573 3418 403bce 3423 403c51 3418->3423 3424 4062fc 3 API calls 3418->3424 3577 406009 lstrcpynW 3419->3577 3420 403ac1 3594 4060e7 3420->3594 3426 403bdd 3424->3426 3431 4062fc 3 API calls 3426->3431 3427 403af7 lstrcatW lstrcmpiW 3427->3411 3433 403b13 CreateDirectoryW SetCurrentDirectoryW 3427->3433 3428 403a89 3578 40677e 3428->3578 3429->3427 3429->3428 3434 403be6 3431->3434 3436 403b36 3433->3436 3437 403b2b 
3433->3437 3438 4062fc 3 API calls 3434->3438 3608 406009 lstrcpynW 3436->3608 3607 406009 lstrcpynW 3437->3607 3441 403bef 3438->3441 3444 403c3d ExitWindowsEx 3441->3444 3450 403bfd GetCurrentProcess 3441->3450 3443 403b44 3609 406009 lstrcpynW 3443->3609 3444->3423 3447 403c4a 3444->3447 3445 403aa6 3593 406009 lstrcpynW 3445->3593 3637 40141d 3447->3637 3453 403c0d 3450->3453 3453->3444 3454 403b79 CopyFileW 3460 403b53 3454->3460 3455 403bc2 3457 406c68 42 API calls 3455->3457 3458 403bc9 3457->3458 3458->3411 3459 406805 18 API calls 3459->3460 3460->3455 3460->3459 3462 403bad CloseHandle 3460->3462 3610 406805 3460->3610 3629 406c68 3460->3629 3634 405c3f CreateProcessW 3460->3634 3462->3460 3464 406314 LoadLibraryA 3463->3464 3465 40631f GetProcAddress 3463->3465 3464->3465 3466 4038c6 SHGetFileInfoW 3464->3466 3465->3466 3467 406009 lstrcpynW 3466->3467 3467->3393 3468->3395 3470 405d0c 3469->3470 3471 40392a CharNextW 3470->3471 3472 405d13 CharNextW 3470->3472 3471->3408 3472->3470 3640 406038 3473->3640 3475 4037e2 3475->3402 3476 4037d8 3476->3475 3649 406722 lstrlenW CharPrevW 3476->3649 3656 405e50 GetFileAttributesW CreateFileW 3481->3656 3483 4035c7 3503 4035d7 3483->3503 3657 406009 lstrcpynW 3483->3657 3485 4035ed 3658 406751 lstrlenW 3485->3658 3489 4035fe GetFileSize 3490 4036fa 3489->3490 3502 403615 3489->3502 3665 4032d2 3490->3665 3492 403703 3494 40373f GlobalAlloc 3492->3494 3492->3503 3699 403368 SetFilePointer 3492->3699 3676 403368 SetFilePointer 3494->3676 3496 4037bd 3499 4032d2 6 API calls 3496->3499 3498 403720 3501 403336 ReadFile 3498->3501 3499->3503 3500 40375a 3677 40337f 3500->3677 3505 40372b 3501->3505 3502->3490 3502->3496 3502->3503 3506 4032d2 6 API calls 3502->3506 3663 403336 ReadFile 3502->3663 3503->3410 3505->3494 3505->3503 3506->3502 3507 403766 3507->3503 3507->3507 3508 403794 SetFilePointer 3507->3508 3508->3503 3510 4062fc 3 API calls 3509->3510 3511 405940 3510->3511 3512 405946 3511->3512 3513 405958 
3511->3513 3740 405f51 wsprintfW 3512->3740 3741 405ed3 RegOpenKeyExW 3513->3741 3517 4059a8 lstrcatW 3519 405956 3517->3519 3518 405ed3 3 API calls 3518->3517 3723 403e95 3519->3723 3522 40677e 18 API calls 3523 4059da 3522->3523 3524 405a70 3523->3524 3526 405ed3 3 API calls 3523->3526 3525 40677e 18 API calls 3524->3525 3527 405a76 3525->3527 3528 405a0c 3526->3528 3529 405a86 3527->3529 3530 406805 18 API calls 3527->3530 3528->3524 3534 405a2f lstrlenW 3528->3534 3540 405d06 CharNextW 3528->3540 3531 405aa6 LoadImageW 3529->3531 3747 403e74 3529->3747 3530->3529 3532 405ad1 RegisterClassW 3531->3532 3533 405b66 3531->3533 3538 405b19 SystemParametersInfoW CreateWindowExW 3532->3538 3565 405b70 3532->3565 3539 40141d 80 API calls 3533->3539 3535 405a63 3534->3535 3536 405a3d lstrcmpiW 3534->3536 3543 406722 3 API calls 3535->3543 3536->3535 3541 405a4d GetFileAttributesW 3536->3541 3538->3533 3544 405b6c 3539->3544 3545 405a2a 3540->3545 3546 405a59 3541->3546 3542 405a9c 3542->3531 3547 405a69 3543->3547 3550 403e95 19 API calls 3544->3550 3544->3565 3545->3534 3546->3535 3548 406751 2 API calls 3546->3548 3746 406009 lstrcpynW 3547->3746 3548->3535 3551 405b7d 3550->3551 3552 405b89 ShowWindow LoadLibraryW 3551->3552 3553 405c0c 3551->3553 3555 405ba8 LoadLibraryW 3552->3555 3556 405baf GetClassInfoW 3552->3556 3732 405047 OleInitialize 3553->3732 3555->3556 3557 405bc3 GetClassInfoW RegisterClassW 3556->3557 3558 405bd9 DialogBoxParamW 3556->3558 3557->3558 3560 40141d 80 API calls 3558->3560 3559 405c12 3561 405c16 3559->3561 3562 405c2e 3559->3562 3560->3565 3564 40141d 80 API calls 3561->3564 3561->3565 3563 40141d 80 API calls 3562->3563 3563->3565 3564->3565 3565->3420 3567 403871 3566->3567 3568 403863 CloseHandle 3566->3568 3892 403c83 3567->3892 3568->3567 3574 405cb5 3573->3574 3575 403aef ExitProcess 3574->3575 3576 405ccb MessageBoxIndirectW 3574->3576 3576->3575 3577->3400 3949 406009 lstrcpynW 3578->3949 3580 40678f 3581 405d59 4 API calls 
3580->3581 3582 406795 3581->3582 3583 406038 5 API calls 3582->3583 3590 403a97 3582->3590 3589 4067a5 3583->3589 3584 4067dd lstrlenW 3585 4067e4 3584->3585 3584->3589 3586 406722 3 API calls 3585->3586 3588 4067ea GetFileAttributesW 3586->3588 3587 4062d5 2 API calls 3587->3589 3588->3590 3589->3584 3589->3587 3589->3590 3591 406751 2 API calls 3589->3591 3590->3411 3592 406009 lstrcpynW 3590->3592 3591->3584 3592->3445 3593->3413 3595 4060f3 3594->3595 3598 406110 3594->3598 3596 4060fd CloseHandle 3595->3596 3597 406104 3595->3597 3596->3597 3597->3411 3598->3597 3599 406187 3598->3599 3600 40612d 3598->3600 3599->3597 3601 406190 lstrcatW lstrlenW WriteFile 3599->3601 3600->3601 3602 406136 GetFileAttributesW 3600->3602 3601->3597 3950 405e50 GetFileAttributesW CreateFileW 3602->3950 3604 406152 3604->3597 3605 406162 WriteFile 3604->3605 3606 40617c SetFilePointer 3604->3606 3605->3606 3606->3599 3607->3436 3608->3443 3609->3460 3612 406812 3610->3612 3611 406a7f 3613 403b6c DeleteFileW 3611->3613 3953 406009 lstrcpynW 3611->3953 3612->3611 3615 4068d3 GetVersion 3612->3615 3616 406a46 lstrlenW 3612->3616 3617 406805 10 API calls 3612->3617 3623 406038 5 API calls 3612->3623 3951 405f51 wsprintfW 3612->3951 3952 406009 lstrcpynW 3612->3952 3613->3454 3613->3460 3626 4068e0 3615->3626 3616->3612 3617->3616 3620 405ed3 3 API calls 3620->3626 3621 406952 GetSystemDirectoryW 3621->3626 3622 406965 GetWindowsDirectoryW 3622->3626 3623->3612 3624 406805 10 API calls 3624->3626 3625 4069df lstrcatW 3625->3612 3626->3612 3626->3620 3626->3621 3626->3622 3626->3624 3626->3625 3627 406999 SHGetSpecialFolderLocation 3626->3627 3627->3626 3628 4069b1 SHGetPathFromIDListW CoTaskMemFree 3627->3628 3628->3626 3630 4062fc 3 API calls 3629->3630 3631 406c6f 3630->3631 3633 406c90 3631->3633 3954 406a99 lstrcpyW 3631->3954 3633->3460 3635 405c7a 3634->3635 3636 405c6e CloseHandle 3634->3636 3635->3460 3636->3635 3638 40139d 80 API calls 3637->3638 3639 401432 3638->3639 
3639->3423 3647 406045 3640->3647 3641 4060c1 CharPrevW 3645 4060bb 3641->3645 3642 4060ae CharNextW 3642->3645 3642->3647 3643 4060e1 3643->3476 3644 405d06 CharNextW 3644->3647 3645->3641 3645->3643 3646 40609a CharNextW 3646->3647 3647->3642 3647->3644 3647->3645 3647->3646 3648 4060a9 CharNextW 3647->3648 3648->3642 3650 4037ea CreateDirectoryW 3649->3650 3651 40673f lstrcatW 3649->3651 3652 405e7f 3650->3652 3651->3650 3653 405e8c GetTickCount GetTempFileNameW 3652->3653 3654 405ec2 3653->3654 3655 4037fe 3653->3655 3654->3653 3654->3655 3655->3402 3656->3483 3657->3485 3659 406760 3658->3659 3660 4035f3 3659->3660 3661 406766 CharPrevW 3659->3661 3662 406009 lstrcpynW 3660->3662 3661->3659 3661->3660 3662->3489 3664 403357 3663->3664 3664->3502 3666 4032f3 3665->3666 3667 4032db 3665->3667 3670 403303 GetTickCount 3666->3670 3671 4032fb 3666->3671 3668 4032e4 DestroyWindow 3667->3668 3669 4032eb 3667->3669 3668->3669 3669->3492 3673 403311 CreateDialogParamW ShowWindow 3670->3673 3674 403334 3670->3674 3700 406332 3671->3700 3673->3674 3674->3492 3676->3500 3679 403398 3677->3679 3678 4033c3 3681 403336 ReadFile 3678->3681 3679->3678 3722 403368 SetFilePointer 3679->3722 3682 4033ce 3681->3682 3683 4033e7 GetTickCount 3682->3683 3684 403518 3682->3684 3686 4033d2 3682->3686 3696 4033fa 3683->3696 3685 40351c 3684->3685 3690 403540 3684->3690 3687 403336 ReadFile 3685->3687 3686->3507 3687->3686 3688 403336 ReadFile 3688->3690 3689 403336 ReadFile 3689->3696 3690->3686 3690->3688 3691 40355f WriteFile 3690->3691 3691->3686 3692 403574 3691->3692 3692->3686 3692->3690 3694 40345c GetTickCount 3694->3696 3695 403485 MulDiv wsprintfW 3711 404f72 3695->3711 3696->3686 3696->3689 3696->3694 3696->3695 3698 4034c9 WriteFile 3696->3698 3704 407312 3696->3704 3698->3686 3698->3696 3699->3498 3701 40634f PeekMessageW 3700->3701 3702 406345 DispatchMessageW 3701->3702 3703 403301 3701->3703 3702->3701 3703->3492 3705 407332 3704->3705 3706 40733a 3704->3706 3705->3696 
3706->3705 3707 4073c2 GlobalFree 3706->3707 3708 4073cb GlobalAlloc 3706->3708 3709 407443 GlobalAlloc 3706->3709 3710 40743a GlobalFree 3706->3710 3707->3708 3708->3705 3708->3706 3709->3705 3709->3706 3710->3709 3712 404f8b 3711->3712 3717 40502f 3711->3717 3713 404fa9 lstrlenW 3712->3713 3714 406805 18 API calls 3712->3714 3715 404fd2 3713->3715 3716 404fb7 lstrlenW 3713->3716 3714->3713 3719 404fe5 3715->3719 3720 404fd8 SetWindowTextW 3715->3720 3716->3717 3718 404fc9 lstrcatW 3716->3718 3717->3696 3718->3715 3719->3717 3721 404feb SendMessageW SendMessageW SendMessageW 3719->3721 3720->3719 3721->3717 3722->3678 3724 403ea9 3723->3724 3752 405f51 wsprintfW 3724->3752 3726 403f1d 3727 406805 18 API calls 3726->3727 3728 403f29 SetWindowTextW 3727->3728 3729 403f44 3728->3729 3730 403f5f 3729->3730 3731 406805 18 API calls 3729->3731 3730->3522 3731->3729 3753 403daf 3732->3753 3734 40506a 3737 4062a3 11 API calls 3734->3737 3739 405095 3734->3739 3756 40139d 3734->3756 3735 403daf SendMessageW 3736 4050a5 OleUninitialize 3735->3736 3736->3559 3737->3734 3739->3735 3740->3519 3742 405f07 RegQueryValueExW 3741->3742 3743 405989 3741->3743 3744 405f29 RegCloseKey 3742->3744 3743->3517 3743->3518 3744->3743 3746->3524 3891 406009 lstrcpynW 3747->3891 3749 403e88 3750 406722 3 API calls 3749->3750 3751 403e8e lstrcatW 3750->3751 3751->3542 3752->3726 3754 403dc7 3753->3754 3755 403db8 SendMessageW 3753->3755 3754->3734 3755->3754 3759 4013a4 3756->3759 3757 401410 3757->3734 3759->3757 3760 4013dd MulDiv SendMessageW 3759->3760 3761 4015a0 3759->3761 3760->3759 3762 4015fa 3761->3762 3840 40160c 3761->3840 3763 401601 3762->3763 3764 401742 3762->3764 3765 401962 3762->3765 3766 4019ca 3762->3766 3767 40176e 3762->3767 3768 4017b1 3762->3768 3769 401672 3762->3769 3770 401693 3762->3770 3771 401616 3762->3771 3772 401897 3762->3772 3773 4018db 3762->3773 3774 40163c 3762->3774 3775 4016bd 3762->3775 3784 4016d6 3762->3784 3786 401736 3762->3786 3789 401650 
3762->3789 3762->3840 3779 4062a3 11 API calls 3763->3779 3787 401751 ShowWindow 3764->3787 3788 401758 3764->3788 3776 40145c 18 API calls 3765->3776 3783 40145c 18 API calls 3766->3783 3790 40145c 18 API calls 3767->3790 3874 40145c 3768->3874 3791 40145c 18 API calls 3769->3791 3868 401446 3770->3868 3782 40145c 18 API calls 3771->3782 3792 40145c 18 API calls 3772->3792 3780 40145c 18 API calls 3773->3780 3785 401647 PostQuitMessage 3774->3785 3774->3840 3781 4062a3 11 API calls 3775->3781 3794 401968 GetFullPathNameW 3776->3794 3779->3840 3797 4018e2 3780->3797 3798 4016c7 SetForegroundWindow 3781->3798 3799 40161c 3782->3799 3800 4019d1 SearchPathW 3783->3800 3801 401446 18 API calls 3784->3801 3784->3840 3785->3840 3786->3840 3890 405f51 wsprintfW 3786->3890 3787->3788 3802 401765 ShowWindow 3788->3802 3788->3840 3813 4062a3 11 API calls 3789->3813 3803 401775 3790->3803 3804 401678 3791->3804 3793 40189d 3792->3793 3886 4062d5 FindFirstFileW 3793->3886 3806 4019a1 3794->3806 3807 40197f 3794->3807 3796 40169a 3871 4062a3 lstrlenW wvsprintfW 3796->3871 3811 40145c 18 API calls 3797->3811 3798->3840 3812 4062a3 11 API calls 3799->3812 3800->3840 3801->3840 3802->3840 3814 4062a3 11 API calls 3803->3814 3815 4062a3 11 API calls 3804->3815 3828 4019b8 GetShortPathNameW 3806->3828 3806->3840 3807->3806 3835 4062d5 2 API calls 3807->3835 3808 4062a3 11 API calls 3818 4017c9 3808->3818 3820 4018eb 3811->3820 3821 401627 3812->3821 3822 401664 3813->3822 3823 401785 SetFileAttributesW 3814->3823 3816 401683 3815->3816 3833 404f72 25 API calls 3816->3833 3879 405d59 CharNextW CharNextW 3818->3879 3829 40145c 18 API calls 3820->3829 3830 404f72 25 API calls 3821->3830 3831 40139d 65 API calls 3822->3831 3832 40179a 3823->3832 3823->3840 3824 4018c2 3836 4062a3 11 API calls 3824->3836 3825 4018a9 3834 4062a3 11 API calls 3825->3834 3828->3840 3837 4018f5 3829->3837 3830->3840 3831->3840 3838 4062a3 11 API calls 3832->3838 3833->3840 3834->3840 3839 401991 3835->3839 
3836->3840 3842 4062a3 11 API calls 3837->3842 3838->3840 3839->3806 3889 406009 lstrcpynW 3839->3889 3840->3759 3841 401864 3841->3816 3845 40186e 3841->3845 3844 401902 MoveFileW 3842->3844 3843 405d06 CharNextW 3847 4017e6 CreateDirectoryW 3843->3847 3848 401912 3844->3848 3849 40191e 3844->3849 3850 404f72 25 API calls 3845->3850 3851 4017fe GetLastError 3847->3851 3861 4017d4 3847->3861 3848->3816 3855 4062d5 2 API calls 3849->3855 3867 401942 3849->3867 3852 401875 3850->3852 3853 401827 GetFileAttributesW 3851->3853 3854 40180b GetLastError 3851->3854 3885 406009 lstrcpynW 3852->3885 3853->3861 3857 4062a3 11 API calls 3854->3857 3858 401929 3855->3858 3857->3861 3864 406c68 42 API calls 3858->3864 3858->3867 3859 401882 SetCurrentDirectoryW 3859->3840 3860 4062a3 11 API calls 3863 40195c 3860->3863 3861->3841 3861->3843 3862 4062a3 11 API calls 3861->3862 3862->3861 3863->3840 3865 401936 3864->3865 3866 404f72 25 API calls 3865->3866 3866->3867 3867->3860 3869 406805 18 API calls 3868->3869 3870 401455 3869->3870 3870->3796 3872 4060e7 9 API calls 3871->3872 3873 4016a7 Sleep 3872->3873 3873->3840 3875 406805 18 API calls 3874->3875 3876 401488 3875->3876 3877 401497 3876->3877 3878 406038 5 API calls 3876->3878 3877->3808 3878->3877 3880 405d76 3879->3880 3883 405d88 3879->3883 3882 405d83 CharNextW 3880->3882 3880->3883 3881 405dac 3881->3861 3882->3881 3883->3881 3884 405d06 CharNextW 3883->3884 3884->3883 3885->3859 3887 4018a5 3886->3887 3888 4062eb FindClose 3886->3888 3887->3824 3887->3825 3888->3887 3889->3806 3890->3840 3891->3749 3893 403c91 3892->3893 3894 403c96 FreeLibrary GlobalFree 3893->3894 3895 403876 3893->3895 3894->3894 3894->3895 3896 406c9b 3895->3896 3897 40677e 18 API calls 3896->3897 3898 406cae 3897->3898 3899 406cb7 DeleteFileW 3898->3899 3900 406cce 3898->3900 3941 403882 CoUninitialize 3899->3941 3901 406e4b 3900->3901 3944 406009 lstrcpynW 3900->3944 3904 406e58 3901->3904 3908 4062d5 2 API calls 3901->3908 3901->3941 3903 
406cf9 3905 406d03 lstrcatW 3903->3905 3906 406d0d 3903->3906 3913 4062a3 11 API calls 3904->3913 3907 406d13 3905->3907 3909 406751 2 API calls 3906->3909 3911 406d23 lstrcatW 3907->3911 3912 406d19 3907->3912 3910 406e64 3908->3910 3909->3907 3915 406722 3 API calls 3910->3915 3910->3941 3914 406d2b lstrlenW FindFirstFileW 3911->3914 3912->3911 3912->3914 3913->3941 3916 406e3b 3914->3916 3930 406d52 3914->3930 3918 406e6e 3915->3918 3916->3901 3917 405d06 CharNextW 3917->3930 3919 4062a3 11 API calls 3918->3919 3920 406e79 3919->3920 3921 405e30 2 API calls 3920->3921 3922 406e81 RemoveDirectoryW 3921->3922 3926 406ec4 3922->3926 3927 406e8d 3922->3927 3923 406e18 FindNextFileW 3925 406e30 FindClose 3923->3925 3923->3930 3925->3916 3928 404f72 25 API calls 3926->3928 3927->3904 3929 406e93 3927->3929 3928->3941 3932 4062a3 11 API calls 3929->3932 3930->3917 3930->3923 3931 4062a3 11 API calls 3930->3931 3934 406c9b 72 API calls 3930->3934 3940 404f72 25 API calls 3930->3940 3942 404f72 25 API calls 3930->3942 3943 406c68 42 API calls 3930->3943 3945 406009 lstrcpynW 3930->3945 3946 405e30 GetFileAttributesW 3930->3946 3931->3930 3933 406e9d 3932->3933 3936 404f72 25 API calls 3933->3936 3934->3930 3938 406ea7 3936->3938 3939 406c68 42 API calls 3938->3939 3939->3941 3940->3923 3941->3417 3941->3418 3942->3930 3943->3930 3944->3903 3945->3930 3947 405e4d DeleteFileW 3946->3947 3948 405e3f SetFileAttributesW 3946->3948 3947->3930 3948->3947 3949->3580 3950->3604 3951->3612 3952->3612 3953->3613 3955 406ae7 GetShortPathNameW 3954->3955 3956 406abe 3954->3956 3958 406b00 3955->3958 3959 406c62 3955->3959 3980 405e50 GetFileAttributesW CreateFileW 3956->3980 3958->3959 3961 406b08 WideCharToMultiByte 3958->3961 3959->3633 3960 406ac7 CloseHandle GetShortPathNameW 3960->3959 3962 406adf 3960->3962 3961->3959 3963 406b25 WideCharToMultiByte 3961->3963 3962->3955 3962->3959 3963->3959 3964 406b3d wsprintfA 3963->3964 3965 406805 18 API calls 3964->3965 3966 406b69 

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                  • API String ID: 2110491804-2409696222

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • #17.COMCTL32 ref: 004038A2
                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                                                                                                                                                                  • API String ID: 2435955865-239407132

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                                                  • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: @rD
                                                                                                                                                                                                                                                                                                  • API String ID: 3282139019-3814967855
                                                                                                                                                                                                                                                                                                  • Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                  • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                                                  • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                                                  • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                  • API String ID: 608394941-1650083594

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,open,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
                                                                                                                                                                                                                                                                                                  • API String ID: 4286501637-2478300759

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Error launching installer, xrefs: 004035D7
                                                                                                                                                                                                                                                                                                  • soft, xrefs: 00403675
                                                                                                                                                                                                                                                                                                  • Null, xrefs: 0040367E
                                                                                                                                                                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                                                                                                                                                                  • Inst, xrefs: 0040366C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                                  • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                  • String ID: ... %d%%$P1B$X1C$X1C
                                                                                                                                                                                                                                                                                                  • API String ID: 651206458-1535804072
                                                                                                                                                                                                                                                                                                  • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNELBASE(0066EE00), ref: 00402387
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                  • String ID: Exch: stack < %d elements$Pop: stack empty$open
                                                                                                                                                                                                                                                                                                  • API String ID: 1459762280-1711415406

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 766 4022fd-402325 call 40145c GetFileVersionInfoSizeW 769 4030e3-4030f2 766->769 770 40232b-402339 GlobalAlloc 766->770 770->769 771 40233f-40234e GetFileVersionInfoW 770->771 773 402350-402367 VerQueryValueW 771->773 774 402384-40238d GlobalFree 771->774 773->774 776 402369-402381 call 405f51 * 2 773->776 774->769 776->774
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNELBASE(0066EE00), ref: 00402387
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3376005127-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 782 402b23-402b37 GlobalAlloc 783 402b39-402b49 call 401446 782->783 784 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 782->784 789 402b70-402b73 783->789 784->789 790 402b93 789->790 791 402b75-402b8d call 405f6a WriteFile 789->791 792 4030e3-4030f2 790->792 791->790 796 402384-40238d GlobalFree 791->796 796->792
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2568930968-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 799 402713-40273b call 406009 * 2 804 402746-402749 799->804 805 40273d-402743 call 40145c 799->805 807 402755-402758 804->807 808 40274b-402752 call 40145c 804->808 805->804 809 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 807->809 810 40275a-402761 call 40145c 807->810 808->807 810->809
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                  • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
                                                                                                                                                                                                                                                                                                  • API String ID: 247603264-1827671502
                                                                                                                                                                                                                                                                                                  • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 906 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 917 402223-4030f2 call 4062a3 906->917 918 40220d-40221b call 4062a3 906->918 918->917
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                  • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                  • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                                                                                                                                  • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                  • String ID: nsa
                                                                                                                                                                                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                  • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                                                                                                                                  • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: HideWindow
                                                                                                                                                                                                                                                                                                  • API String ID: 1249568736-780306582
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3394109436-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                                                                                                                                  • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                                                                                                                                  • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                                                  • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                                                                                                                                                                  • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID: 82D$@%F$@rD$A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                                                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                                                                                                                                                                  • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s: failed opening file "%s"$GetTTFNameString$name
APIs
• DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
• lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
• lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
• lstrlenW.KERNEL32(?), ref: 00406D2C
• FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
• FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
• FindClose.KERNEL32(?), ref: 00406E33
Strings
• RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
• Delete: DeleteFile failed("%s"), xrefs: 00406DFD
• Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
• Delete: DeleteFile("%s"), xrefs: 00406DBC
• \*.*, xrefs: 00406D03
• RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
• RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
• RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
• API String ID: 2035342205-3294556389
• Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
• Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
• Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
• Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
APIs
• GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
• GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
• GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
• lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
• lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
• String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 3581403547-784952888
• Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
• Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
• Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
• Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
APIs
• CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
Strings
• CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: CreateInstance
• String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
• API String ID: 542301482-1377821865
• Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
• Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
• Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
• Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                                                                                                                                                                  • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                  • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                                                                                                                                  • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                                                  • API String ID: 565278875-1653569448
                                                                                                                                                                                                                                                                                                  • Opcode ID: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                                                                                                                                                                                  • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32 ref: 004028DA
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(004130D8,00000023), ref: 004028FD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?), ref: 004029BC
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                  • API String ID: 3734993849-2769509956
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001), ref: 0040419E
                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,?,?), ref: 004041BD
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,?,04010000), ref: 004041CB
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,04010000,?,?,?,00000000), ref: 004041D6
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,?,00000000), ref: 004041E3
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,?,?), ref: 004041F2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00403FE1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001), ref: 00403FF0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 00404004
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$ByteCharMultiWide$AllocButtonCheckColorGlobalItemlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3308522672-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c2e5bf2fee51a3b87e923a3f0ec37a23181173616caa330dd2575270d9358daf
                                                                                                                                                                                                                                                                                                  • Instruction ID: f43bbde6d36b0f8d2302eacd2e434541dff8fa1ace2a4d459b82edc74fb6029a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2e5bf2fee51a3b87e923a3f0ec37a23181173616caa330dd2575270d9358daf
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B431B2B1900109BFDB009F64DD85E6E3BA9FB44709F00803AFA05FB2E1D7789A51DB59
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                                                  • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                                                                                                                                                                                  • API String ID: 1033533793-945480824
                                                                                                                                                                                                                                                                                                  • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                                                  • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                  • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00014800,00000064,?), ref: 00403295
                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                  • API String ID: 1451636040-82062127
APIs
• lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
• wsprintfW.USER32 ref: 00404457
• SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s$@rD
• API String ID: 3540041739-1813061909
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
• CharNextW.USER32(?,?,?,00000000), ref: 004060AA
• CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
• CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
APIs
• GetDlgItem.USER32(?), ref: 004020A3
• GetClientRect.USER32(00000000,?), ref: 004020B0
• LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
• SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
• DeleteObject.GDI32(00000000), ref: 004020EE
Memory Dump Source
• Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                                                  • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                  • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                                                  • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                  • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                                                  • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                  • String ID: $@rD
                                                                                                                                                                                                                                                                                                  • API String ID: 3748168415-881980237
                                                                                                                                                                                                                                                                                                  • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                                                  • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                  • String ID: Version
                                                                                                                                                                                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                  • String ID: !N~
                                                                                                                                                                                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Error launching installer, xrefs: 00405C48
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                  • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                                                                                                                                  • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                                                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1527861977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527827026.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527888890.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1527919642.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1528024096.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_H3G7Xu6gih.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                  Signature Coverage:26.6%
                                                                                                                                                                                                                                                                                                  Total number of Nodes:128
                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Information$Query$CloseHandleSystem$ProcessToken
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2024103940-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c3f3c76c8b2be0d7d44dc3ee33c48ea8b0372aa6c5604e5390e5033e47f04c12
                                                                                                                                                                                                                                                                                                  • Instruction ID: a07fd105f6e072a9070a6d0778cb082b007333dfd1ed1c26730c192f032e5665
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3f3c76c8b2be0d7d44dc3ee33c48ea8b0372aa6c5604e5390e5033e47f04c12
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4719770218B094BEB56EB6898A57AE73F5FBA4340F43053DE846C31A1EE24D866C653

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationQuery$System$Processmalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1267391693-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0766fc6635dd31053b727816442fefa633829422fb4b59d36c68c8cec887e78a
                                                                                                                                                                                                                                                                                                  • Instruction ID: f1bb2fdcf9c876a34dacdb565c5925b0c017eb76fb721ff4099ef5892ddd31c2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0766fc6635dd31053b727816442fefa633829422fb4b59d36c68c8cec887e78a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F31A871308A084FEB5AB66D5CA57FD32D5E7A9311F06013DD94AC31A2EE24DC53C296

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DeviceDriveLogicalQueryStrings
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3173366581-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 44ebf3bb3f659db2baf1671957d6035b84d40f7447c0330e21c1dfb288bbfcca
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8f60faa106652a614443752fb0a88b067630f2e23f5f835ece493ebfa106c745
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44ebf3bb3f659db2baf1671957d6035b84d40f7447c0330e21c1dfb288bbfcca
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F31D331558A488BEB62DB54E8947EE73F1FBA4301F02452EE48AC7190EB79DD05C793

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6af83e49148454a9c126e9bb0326cc798cd331eab48e5ba6de52cd2e35770390
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B9178316085484BE72E9B6888D13FD77E1F795305F16413EE48BC6292D938D907C792

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationProcessQuery
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1778838933-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: aedaa32b066cd7baad790dc79b89f0f0aa25ff69fa0ea66035def9c6c87aec9e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8372a0e38f3867df11304b8ec63450110f2b78ac9de9fa3b1429e1ff368c4faf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aedaa32b066cd7baad790dc79b89f0f0aa25ff69fa0ea66035def9c6c87aec9e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13017570228A094EEB57EB7898A0BEA73F4F775300F41053D945AC31A1EB26D512C751

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Read$CreatePointer
                                                                                                                                                                                                                                                                                                  • String ID: MZ$PE
                                                                                                                                                                                                                                                                                                  • API String ID: 4132024448-1102611028

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateOpenValue
                                                                                                                                                                                                                                                                                                  • String ID: @$@
                                                                                                                                                                                                                                                                                                  • API String ID: 776291540-149943524

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free$CloseHandle
                                                                                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                                                                                  • API String ID: 4080011421-3772416878

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 168 12fe994573c-12fe994578d call 12fe99498f4 GetSystemInfo 172 12fe9945819-12fe994581e 168->172 173 12fe9945824-12fe9945831 172->173 174 12fe9945792-12fe99457b5 call 12fe99498f4 172->174 178 12fe99457c0-12fe99457c8 174->178 179 12fe99457b7-12fe99457be 174->179 180 12fe994580c-12fe994580d 178->180 181 12fe99457ca-12fe99457d2 178->181 179->172 183 12fe9945811-12fe9945817 180->183 181->180 182 12fe99457d4-12fe99457d9 181->182 182->180 184 12fe99457db-12fe99457e8 182->184 183->172 185 12fe99457f8-12fe99457fb 184->185 186 12fe99457ea-12fe99457ed 184->186 185->183 188 12fe99457fd-12fe9945808 185->188 186->185 187 12fe99457ef-12fe99457f6 186->187 187->183 187->185 188->180
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                  • String ID: 0$@
                                                                                                                                                                                                                                                                                                  • API String ID: 31276548-1545510068

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: calloc
                                                                                                                                                                                                                                                                                                  • String ID: 0$@
                                                                                                                                                                                                                                                                                                  • API String ID: 2635317215-1545510068

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: NJI@
                                                                                                                                                                                                                                                                                                  • API String ID: 0-1894075864

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph not recovered from the report; API calls named in the graph: CreateFileMappingW, MapViewOfFile]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$CreateMappingView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3452162329-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual$ErrorFreeFunctionModeProtectTable
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3431440644-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph not recovered from the report; API calls named in the graph: GetTokenInformation]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationToken
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4114910276-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph not recovered from the report; API calls named in the graph: CreateProcessW]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792297747.0000012FE9941000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000012FE9941000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_12fe9941000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                  • API String ID: 3778422247-2988720461
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3372153169-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                  • Opcode ID: 22bf8f5eff2e45e1177610d568fa883e96c73c6f7677b33bea6826eb6c4db9aa
                                                                                                                                                                                                                                                                                                  • Instruction ID: cd79bfce1e28b53229cc6bfefe2e5fb939536cc84a336d035901ee60c6e7c6de
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22bf8f5eff2e45e1177610d568fa883e96c73c6f7677b33bea6826eb6c4db9aa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD18F76A066029FEB54EF38D8506ACB7B1FB84758F914139DA0E83AA4DF3CE464C710
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                                                                  • API String ID: 0-3110715001
                                                                                                                                                                                                                                                                                                  • Opcode ID: a1fc6bb4c017ecfb022866c81c1012e8c25de5f238352e173404b9bdaf33e861
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f76dbfddbddffe98040a3f20c22ccd176a5629fdcef98b1820f059e2036e726
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1fc6bb4c017ecfb022866c81c1012e8c25de5f238352e173404b9bdaf33e861
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28A1D372A0A6419AF764EF25D4042A9F770FF94B84FD28135DA4E83AA4CF7CE925C710
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                                                                                                  • String ID: -$:$:$?
                                                                                                                                                                                                                                                                                                  • API String ID: 3440502458-92861585
                                                                                                                                                                                                                                                                                                  • Opcode ID: 92822d708f53ba3dc96aaad2734b3637ebae0f36d94d78d477610735c797914a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1b833e24a89feb5d023606003c417cc128403ca65bef56fdcda67481724209ab
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92822d708f53ba3dc96aaad2734b3637ebae0f36d94d78d477610735c797914a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CE11932A0A252AAE7A0BF35D8401ADB770FBC4794FD64135EA4DC3AA5CF3CD4618720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A98D3BA6
                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A98D3BBB
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A98D3C35
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D2BEC: GetFullPathNameW.KERNEL32(?,00007FF7A98D3C67,?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A98D2C4D
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A98D3CCC
                                                                                                                                                                                                                                                                                                  • MessageBoxA.USER32 ref: 00007FF7A991AA96
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A991AAE3
                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,?,?,?,00007FF7A98D2BC1), ref: 00007FF7A991AB6A
                                                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32 ref: 00007FF7A991AB91
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: GetSysColorBrush.USER32 ref: 00007FF7A98D3D06
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: LoadCursorW.USER32 ref: 00007FF7A98D3D16
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: LoadIconW.USER32 ref: 00007FF7A98D3D2B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: LoadIconW.USER32 ref: 00007FF7A98D3D44
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: LoadIconW.USER32 ref: 00007FF7A98D3D5D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: LoadImageW.USER32 ref: 00007FF7A98D3D89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3CEC: RegisterClassExW.USER32 ref: 00007FF7A98D3DED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3E24: CreateWindowExW.USER32 ref: 00007FF7A98D3E74
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3E24: CreateWindowExW.USER32 ref: 00007FF7A98D3EC7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D3E24: ShowWindow.USER32 ref: 00007FF7A98D3EDD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D477C: Shell_NotifyIconW.SHELL32 ref: 00007FF7A98D4874
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                                  • API String ID: 1593035822-2030392706
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b2e34a7381e4e35feefe2342ee61d9da47ff135a521147e2ec28fd6c13dfd44
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e8919b4ebc8482d02dddfac73facb2deac188ea0513e52a39f1274be7b4c534
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b2e34a7381e4e35feefe2342ee61d9da47ff135a521147e2ec28fd6c13dfd44
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D614D61A1F683B9EA10BF20E8401F9E371BF85354FC20076D48D865B6DE2CE639C720
                                                                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ColorProc$LongWindow
                                                                                                                                                                                                                                                                                                  • String ID: +
                                                                                                                                                                                                                                                                                                  • API String ID: 3744519093-2126386893
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                  • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1568231622-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 79e0420c2984852e5f59fe1e813506d9fafb4aaa62b9c0ac84c7f4c88eda00f4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4433158be71419baac55d202b26b9c53f22a7ac36025cd4ee38c6ebaa9a321fe
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79e0420c2984852e5f59fe1e813506d9fafb4aaa62b9c0ac84c7f4c88eda00f4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87C17021E0F282FDFA61AF14AC00176A771AF99780FD64076D44DC26B5EE6CA530DB72
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1405656091-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e809ee0917d980967337eb290ae9f657cbcc700f628c2feb101ff6f2151edd5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 657e40adeff2cdb991432216e2dd0449f991cb2917eae26933d9fb03175c629b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e809ee0917d980967337eb290ae9f657cbcc700f628c2feb101ff6f2151edd5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D812D72F062469BEB98AF35C9013B866B1EB94784F858035DB0DCEB95EF3CE4218710
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c1a2dea820685187a1b1ee23aeb9defc365f229fa0d1b3730a4ebbe8088e0426
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a53dbe5efa32cd3e04ec073a9d0752b175cb7e675778c49a8c7e92cd22c9e0e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1a2dea820685187a1b1ee23aeb9defc365f229fa0d1b3730a4ebbe8088e0426
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8931A176609B8196EB609F24E8402EDB3B0FBC4754F914139EA9D83B64DF3CC565CB10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _handle_error
                                                                                                                                                                                                                                                                                                  • String ID: !$VUUU$fmod
                                                                                                                                                                                                                                                                                                  • API String ID: 1757819995-2579133210
                                                                                                                                                                                                                                                                                                  • Opcode ID: 06f58ab4aaca2128c338277b14f38b089639c2a9de57a5825e67876a1165aa04
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1c1382ddd2f8a7206c72a32f8e16c3e56e631cce6fb419da18dbb28bb2228179
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06f58ab4aaca2128c338277b14f38b089639c2a9de57a5825e67876a1165aa04
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8B10722A19FC444D6E39E3454513BAF269AFEA3A1F51C332E95E75A70DF2CA492C600
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A9912BF0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A990AF34: GetCurrentProcess.KERNEL32(00007FF7A990B0A5), ref: 00007FF7A990AF61
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: *$.$.
                                                                                                                                                                                                                                                                                                  • API String ID: 2518042432-2112782162
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4bc727eecd12c05f0579dc3a47633661258e4e13a894efe955ef075ebd1ec7be
                                                                                                                                                                                                                                                                                                  • Instruction ID: 892e408bb95bed7fab8b95bbcb90c9e85d1160531c408bbb0090e6b57e03fe30
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bc727eecd12c05f0579dc3a47633661258e4e13a894efe955ef075ebd1ec7be
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9651F362F12A5599FB50FFA5D8001BDA3B4BB84BC8FA64535CE1D97B94DF38D0628310
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7A98F5AC3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8c783dfea8ab590eafe6bbf95db9fdce1a8e48e032f2d75969754b32e98ee1d6
                                                                                                                                                                                                                                                                                                  • Instruction ID: db805b1170063fea49a727cb3ffb9eb322915ef59703f5f213bd41078e1da610
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c783dfea8ab590eafe6bbf95db9fdce1a8e48e032f2d75969754b32e98ee1d6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37115B66616B42A6E704AF22D6543B9A3B4FF58345F819139C64D82AA4EF3CE0788720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: b4230e9694d6db5a2454d9ccaa2f058036f57f1eebbf8966ac4aac68c055cdad
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8bc6268d13534ca4ddb58c9a7c6ad3326f8e74d54918ea90f51277c9ba4f4fac
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4230e9694d6db5a2454d9ccaa2f058036f57f1eebbf8966ac4aac68c055cdad
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C417F26A1A68295E710FF21E4405AEF370FBC4B84F964076EA4E83765EF7CE525C710
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 788e580e6745dde0bf41f1c5252257a7cd520450013a93ceb3609c7d43dd0201
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d2ed4cb4e7ee18bbe0fc97072edce27cb83a8282256c9af05ee7db23af1ff99
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 788e580e6745dde0bf41f1c5252257a7cd520450013a93ceb3609c7d43dd0201
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B0180736247818FE7108F20E4553AA73B0F75476FF410929E64D82A98CB7DC168CB80
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF7A99045EC,?,?,00000000,00007FF7A9904669,?,?,?,?,?,00007FF7A9952A9C), ref: 00007FF7A990BDCF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$FileSystem
                                                                                                                                                                                                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                                                                                  • API String ID: 2086374402-595813830
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cedaef733c3405ac1024c3932ca1efceb4464d78796a11057d5787a90ded12e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 29edcefcc9137006f9ceabb8ecea5581d116396f2c180a2794a5e3a8f4ec770b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cedaef733c3405ac1024c3932ca1efceb4464d78796a11057d5787a90ded12e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51F01C90A1A647A1FE45BF51F8505B4E230AF847C1FCA9439D91E46375DE3CD4688320
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9b3400b2d7958dcf7bb5d83233e54855c88d8e6a6dc818cc5e4bd19195bd4ddd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 39741464d6af808dccdbc6d7c2eddf23eb9f9fd20f2eb48dd50e8d12efa3f7c9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b3400b2d7958dcf7bb5d83233e54855c88d8e6a6dc818cc5e4bd19195bd4ddd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CF0A46170D64291E760AF25F8446AAE372FFD8790F518134EB5D82BB5DE3CC0688B10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 240d552e835f2b25362e23fc86050fbc2e15662c94a0908d5121eb02f9075e07
                                                                                                                                                                                                                                                                                                  • Instruction ID: 782f52ad51bc2e39229a523a2658d408cbda288f0d98593a27479bdd6d336aaa
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 240d552e835f2b25362e23fc86050fbc2e15662c94a0908d5121eb02f9075e07
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1B09224E0BA46D2EA083F156C86214A2B47FC8701FDA8178C00CC0330DF2C20B95721
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 487ac93962f4c08a726fa4f1cbcf22742163b5770d24f742e327d9c4be1ea4b1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 107df57dc3864bac2a70c372fbfdae190a63c668425ac48f235dd89f066aa963
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 487ac93962f4c08a726fa4f1cbcf22742163b5770d24f742e327d9c4be1ea4b1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F068717292659AEB95EF2CE84262977E4F748380F908039DA8DC3B54DA3D90B18F14
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8f6d893820d0fab81262624eeca4fcab017bbf27f8cb14a3bd45f903649d3583
                                                                                                                                                                                                                                                                                                  • Instruction ID: 884b6bac99618791e12d0c9cc19933743634399ad5631b8b528929b775aabfaf
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f6d893820d0fab81262624eeca4fcab017bbf27f8cb14a3bd45f903649d3583
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFA001AA91A80AE4E644AF01A950031A770ABA0305BC654B5E01D810B0AE3CA8748225
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3521893082-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f6b3e33df0b6fd49e851f84cb0d7e1a0081305ee093791da2a064367007aa246
                                                                                                                                                                                                                                                                                                  • Instruction ID: 83ec83bc2fe0989bf2b2c7190bc68862675bed5137288e22cf110b89b29cdaf7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6b3e33df0b6fd49e851f84cb0d7e1a0081305ee093791da2a064367007aa246
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BA1E576F05A1196FB14AF61D88457CA371BB88B65F814338CE2E93BA4DF3CD4988760
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Color$LongWindow$ModeObjectStockText
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 554392163-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                  • API String ID: 2091158083-3440237614
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                                                                                                                                                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                  • API String ID: 258715311-1154884017
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$#418AllocCopyDeleteFreeImageLockMessageReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2779716855-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                  • API String ID: 0-3931177956
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                  • API String ID: 0-2785691316
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                                                                  • API String ID: 1460738036-3110715001
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LoadStringwprintf
                                                                                                                                                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 3297454147-3080491070
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 4051287042-2268648507
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1974058525-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                                                                  • API String ID: 1268354404-3110715001
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LoadStringwprintf
                                                                                                                                                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 3297454147-2391861430
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                                                  • API String ID: 3821898125-2160076837
                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                                                                                                                                                                                                                                  • API String ID: 2667193904-1575078665
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                  • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-2617248754
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadMessageModuleStringwprintf
                                                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                  • API String ID: 4007322891-4153970271
                                                                                                                                                                                                                                                                                                  • Opcode ID: afe30fabcc8c2b5dfb3624d463207571e08e071ef3068ceab152869195660280
                                                                                                                                                                                                                                                                                                  • Instruction ID: 88202b6f33325f18673fbd46cff37eb7da1f237c08ab7ec7ddf5035bc706aaf6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afe30fabcc8c2b5dfb3624d463207571e08e071ef3068ceab152869195660280
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56318571A1AA42A2DB10FF15E4445A9E371FFC4B84FC14072EA4D87669DF3CD529C750
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                  • API String ID: 2914291525-2659433951
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2672075419-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D780C: CreateFileW.KERNEL32 ref: 00007FF7A98D7876
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98F41D0: GetCurrentDirectoryW.KERNEL32(?,00007FF7A98D99C7), ref: 00007FF7A98F41EC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D5A50: GetFullPathNameW.KERNEL32(?,00007FF7A98D5A3D,?,00007FF7A98D4C50,?,?,?,00007FF7A98D109E), ref: 00007FF7A98D5A7B
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7A98D9A60
                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7A98D9BA0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                                                                                                                                                                                                                                  • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                                                                                                                                                                  • API String ID: 2207129308-3738523708
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                                                                                                                                                                                                                                  • String ID: close all
                                                                                                                                                                                                                                                                                                  • API String ID: 1992507300-3243417748
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                                                                                                                                                                                                                                  • API String ID: 0-1765764032
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                                                                                                                                                                                                                                                  • String ID: -----$SysListView32
                                                                                                                                                                                                                                                                                                  • API String ID: 2361508679-3975388722
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3
                                                                                                                                                                                                                                                                                                  • API String ID: 423443420-1704141276
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                                                                                  • API String ID: 500310315-1684325040
                                                                                                                                                                                                                                                                                                  • Opcode ID: 685836145ac74aa4a2cd79fc47d922bc0e29f1722bd05d5705c662cecaadf47c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 612c6e0f8b4af3d62b79cd7d4758f48ac059ba9648c909997ed3ef8c7673165f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 685836145ac74aa4a2cd79fc47d922bc0e29f1722bd05d5705c662cecaadf47c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6616032A19652EAE7A0BF25D8801A9B7B4FBC4784FD60136E94DC26B4DF3CD461C720
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                  • API String ID: 3721556410-2107944366
                                                                                                                                                                                                                                                                                                  • Opcode ID: d033586eeb8420df0584d02cad3e0ad78160aa9a1a2060901ffcbfff1dfca609
                                                                                                                                                                                                                                                                                                  • Instruction ID: 79f433bd055ccd3cd2a11bb9d7057e4a4b880ab3acd5eaa3c45ba599d2255696
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d033586eeb8420df0584d02cad3e0ad78160aa9a1a2060901ffcbfff1dfca609
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D261BF76A16A52A9EB00EF61D8805ECB770FB84B98F824136DD0D93AB5CF3CD465C760
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                  • String ID: 2$P
                                                                                                                                                                                                                                                                                                  • API String ID: 93392585-1110268094
                                                                                                                                                                                                                                                                                                  • Opcode ID: c4d75c7bed3dc32d74565b12e7beeeeebc4fd81d0a729176aca41e8b187ce2d2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2a94093743e7aaaddaa6a03ea5da27f52b80c4a0030f4a5c2b243ae14b93add0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4d75c7bed3dc32d74565b12e7beeeeebc4fd81d0a729176aca41e8b187ce2d2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09512332E07642A9F725AF2294402FDB7B4EBD4758FA54135CA1E937A4DF38D4A28321
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: IconLoad_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                  • API String ID: 4060274358-404129466
                                                                                                                                                                                                                                                                                                  • Opcode ID: b636dc1b51594c2af202ed54f4e4bdeb97e8f240ec4436fd1e847df07db7b1d4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 88d0f841bc453112e2ca9000160ab76d15d0e4b42ace55db96687ad2f567f3c0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b636dc1b51594c2af202ed54f4e4bdeb97e8f240ec4436fd1e847df07db7b1d4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19218021B0E782A1FB55BF16A40017EE2B1AFD8780FC65035DD4E867B6EF7CE4218260
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                  • API String ID: 4051287042-3128320259
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1211466189-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • #77.OLEAUT32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A995133B
                                                                                                                                                                                                                                                                                                  • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A9951391
                                                                                                                                                                                                                                                                                                  • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A9951478
                                                                                                                                                                                                                                                                                                  • #24.OLEAUT32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A995149F
                                                                                                                                                                                                                                                                                                  • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A99514B0
                                                                                                                                                                                                                                                                                                  • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A995151E
                                                                                                                                                                                                                                                                                                  • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF7A9950CA8,?,?,00000000,00007FF7A99686CF), ref: 00007FF7A9951593
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2585bf9d99523b85a6387ebb36db1e93d42442dc18b734288afeab1606f91b78
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5b62d6f738b85207a82f557dc41428cf729645f3ee50163b1f02c60a5d335e21
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2585bf9d99523b85a6387ebb36db1e93d42442dc18b734288afeab1606f91b78
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CA1C422A0A602B5FB20AF55C4943BDA771FB89B44F865431DE0EC76A1DF3CD869C360
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d06d4cd1a423281fa7bfc3dd395589592d26c066c60ef58400709c52517d685a
                                                                                                                                                                                                                                                                                                  • Instruction ID: a8a5b161e20078f131ee34430b2083dfe595c05438a913f0d697d0c7338b45d7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d06d4cd1a423281fa7bfc3dd395589592d26c066c60ef58400709c52517d685a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FA1B072A0D6C08BE7749F19A44066EFB71FBC9B94F914125EA8953B68CB3CD462CF10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$Enabled
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3694350264-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: afb273491b6871b9358392d720659e4730aaef88e09809c522e030074b87f941
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3baa155d4dfbf3480d904c30a3dced6808853c47f47b38bfe20e38a4ce5cb32c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afb273491b6871b9358392d720659e4730aaef88e09809c522e030074b87f941
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E91C5A1E4A64666FB64AF1594503F9F3B1AFC4741F86803ACA5D836B1DE3CE4A08731
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 161812096-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2e0c978de7f3949c5e4fef75b6087ee8ddd4ddcc90206a13e30e68fd27cedf73
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9287a5d317b63fa7da8d137d2c4a1036f4333e6075e118a288580cf5cf72e9ef
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e0c978de7f3949c5e4fef75b6087ee8ddd4ddcc90206a13e30e68fd27cedf73
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF417F36A06B0195EB50EF62E8806AC77B1FB94B84F564035DE0D93774CF38D465CB10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                  • Opcode ID: 769d822a731d8b4ab9969762f95a8256fd4e8cf9c5dd72bf7c6db143b8f84875
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1463f0ccbbc09510db9404d7dd9e0b858daf0d6875a33bf93528f65d74997d9d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 769d822a731d8b4ab9969762f95a8256fd4e8cf9c5dd72bf7c6db143b8f84875
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20317836A096819BE3609F21F854B5AB761EBD8790F509139DB8943F69CF3CD8458F10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Create$Show
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3$d$edit
                                                                                                                                                                                                                                                                                                  • API String ID: 2813641753-2600919596
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ad88fc629bd0e984a014ea89d123ec5e352ad141f26ec72c70a003d1c95128a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e43d0a6c78f3b43da3081491b2b7712b199705b4cda2f47bbc828ef9ee5ae88
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad88fc629bd0e984a014ea89d123ec5e352ad141f26ec72c70a003d1c95128a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4215E72A19B4197EB50DF10F848729B7B0F7D879AF924238E64D86A64CF7DD058CB20
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3220332590-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 18d3220a09dc32d3d71dcb14d157741ee50ede115eaee0b264565a3d31b006b7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 126aed79df809b9ed332f3643faa2ee75a56f0aed4aa52fca1f1a66ba7b36069
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18d3220a09dc32d3d71dcb14d157741ee50ede115eaee0b264565a3d31b006b7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59A1166BA1A24385E724AF7585047FDB3B0FF44B18F565035DE1AC7EA8EA3C9921D320
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: f$p
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-1290815066
                                                                                                                                                                                                                                                                                                  • Opcode ID: 14ccad43d37fd71aaa8e031f26cd0cf571f1f2d22f7e2fca84e2043b4fd9c4d9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8c25b5b0b6462ba22cae6096edbe4e47b8f222d15e0eba4573a25bf3e9db66c8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14ccad43d37fd71aaa8e031f26cd0cf571f1f2d22f7e2fca84e2043b4fd9c4d9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A128123E0E15385FF20AE14E104279F272EB60764FD56271D699876E8FB3DE5B09B20
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • #8.OLEAUT32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B329
                                                                                                                                                                                                                                                                                                  • #9.WSOCK32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B3AE
                                                                                                                                                                                                                                                                                                  • #10.WSOCK32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B3BA
                                                                                                                                                                                                                                                                                                  • #9.WSOCK32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B3C5
                                                                                                                                                                                                                                                                                                  • #2.WSOCK32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B3F5
                                                                                                                                                                                                                                                                                                  • #10.WSOCK32(?,?,?,?,?,?,?,00007FF7A993B677,?,?,?,?,?,?,00000000,00007FF7A99683FD), ref: 00007FF7A993B457
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                                                                                                                                  • API String ID: 0-2263619337
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2592858361-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: From$Prog$ExceptionFreeRaiseStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 450394209-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2082702847-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: e96038359b8bcf9d40ab16245d6c00f02c1c42b7617fe174b97500c319439ec5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4597bfffae7f3eba449cc7923544ec8655068cea2e7ab9a19df2a8a9a3904d1f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e96038359b8bcf9d40ab16245d6c00f02c1c42b7617fe174b97500c319439ec5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1118F69706B0192FB08DF62944802DA7B1FBC8B81B828079CE0E83B64CE3DD8558711
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: aa036b7f6b4181bf747b7f25e8c59d16cc241acf913ae98ed06744a76854e657
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b7153517c09ac46ac07dab09390b0ede3ceba312e289ac12ee1158513622320
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa036b7f6b4181bf747b7f25e8c59d16cc241acf913ae98ed06744a76854e657
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE119D75B1529292F714AF15B804B69E760EBC5F85F898174CF0683B60CF7DE8A88B50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7b1f2997da372a43bc31476f6d0c07695968ad033343f6aabdfa55d6cba17457
                                                                                                                                                                                                                                                                                                  • Instruction ID: d7f9e4eb0da28b089728673e3b176450d3e31e9f568b3d731cf4d928c1b37b83
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b1f2997da372a43bc31476f6d0c07695968ad033343f6aabdfa55d6cba17457
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D911A362926640C7E348DF79CC88159B7B1FB98B09B85C07CC60987271EE38809EC711
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: #$E$O
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-248080428
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3ec0da66385ca5cfa3e6e9d06278922857a071159ec432c0170ef47ddb72b8c3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7ef360d8d38d3804d2fd6e6224539b6018f6c30c1114e8bb8519ff72471c9f33
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ec0da66385ca5cfa3e6e9d06278922857a071159ec432c0170ef47ddb72b8c3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7441B526A1675195EF91AF2198401BDA3B4BFD8B88F894131EE6D87768DF3CD861C320
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                                                                                                                                                                                                                                  • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3659116390-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
Similarity
• API ID: AddressProc
• String ID:
• API String ID: 190572456-0
Similarity
• API ID: Window$Show$Enable
• String ID:
• API String ID: 2939132127-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: bf1680c497ddafbed20fc8edb41bbefd3142ef2a208a4fb9b9f279baa3c2d0bd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 77693a30d6c62f75cda654674a322dc469a286cdf6478f6c877e00332bd6a0c7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf1680c497ddafbed20fc8edb41bbefd3142ef2a208a4fb9b9f279baa3c2d0bd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE5184B690A68695FB509F15D844278F7B4EBC4B45F9A8035CA4D87770CE3DE4A2C720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2117695475-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00007FF7A991B91D,?,?,?,00007FF7A98E1CE2), ref: 00007FF7A9950774
                                                                                                                                                                                                                                                                                                  • TerminateThread.KERNEL32(?,?,?,00007FF7A991B91D,?,?,?,00007FF7A98E1CE2), ref: 00007FF7A995077F
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,00007FF7A991B91D,?,?,?,00007FF7A98E1CE2), ref: 00007FF7A995078D
                                                                                                                                                                                                                                                                                                  • ~SyncLockT.VCCORLIB ref: 00007FF7A9950796
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A994FF10: CloseHandle.KERNEL32(?,?,?,00007FF7A995079B,?,?,?,00007FF7A991B91D,?,?,?,00007FF7A98E1CE2), ref: 00007FF7A994FF21
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7A991B91D,?,?,?,00007FF7A98E1CE2), ref: 00007FF7A99507A2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3142591903-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1611280651-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D4082
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D4090
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D40A0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D40B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D40BE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4050: MapVirtualKeyW.USER32(?,?,?,00007FF7A98D4DDE), ref: 00007FF7A98D40CC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D40DC: RegisterWindowMessageW.USER32(?,?,?,00007FF7A98D4F68), ref: 00007FF7A98D4146
                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A98D106D), ref: 00007FF7A98D5042
                                                                                                                                                                                                                                                                                                  • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A98D106D), ref: 00007FF7A98D50C8
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A98D106D), ref: 00007FF7A991B336
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt
                                                                                                                                                                                                                                                                                                  • API String ID: 1986988660-2515660138
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b9a672c5679c7d79af7300a008647115a44a4ad4b9a8e2cd430e2f10d72906a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3736bbe9a057570b3406138bb771257ad0700abda8e49b8937d60f51c7f0efcd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b9a672c5679c7d79af7300a008647115a44a4ad4b9a8e2cd430e2f10d72906a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55C1AF7195BB42A9EA40AF14AD80079F7B8BFD4340F92423AD49DD2671DF7CA174CBA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: $*
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                                                                                                  • Opcode ID: f489a03a3506d653c7ee3588779f7f95d69400e15805bf1bd0434c8f497717d8
                                                                                                                                                                                                                                                                                                  • Instruction ID: f7137bde14d805960fe5f0a218802baa2179c68a03378ee4b5ae6ce14821ab90
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f489a03a3506d653c7ee3588779f7f95d69400e15805bf1bd0434c8f497717d8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D561B97390E24286EB64AE34904437CB7B0EB65B48F9621B5C64EC61B9EF3CD4B1C720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                  • String ID: !$acos
                                                                                                                                                                                                                                                                                                  • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                                                                                                  • Opcode ID: fe5c41fd610f88853482abc0cd2e8e1d01d6fbece9f8f84a67c424940e19f963
                                                                                                                                                                                                                                                                                                  • Instruction ID: dccc3c3bf1ab8225c5df9d4d1b8e24d802b85a8f142aa8688eda497bad5cc183
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe5c41fd610f88853482abc0cd2e8e1d01d6fbece9f8f84a67c424940e19f963
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08611822D29F4598E6639F356810376E778AFD63C1F42C336E91EB5A74DF2CA0928610
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                  • String ID: !$asin
                                                                                                                                                                                                                                                                                                  • API String ID: 1156100317-2188059690
                                                                                                                                                                                                                                                                                                  • Opcode ID: 41486beb716a1d3ce37726eba78a07ae1a3876e53f623111aae521f8a9e85d9d
                                                                                                                                                                                                                                                                                                  • Instruction ID: c44839e7a3cb2f7d855e8e5df187c5519066056f1b4a70931d2a901c65fcdc91
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41486beb716a1d3ce37726eba78a07ae1a3876e53f623111aae521f8a9e85d9d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C61F922C29F8195E653DF386811376E374AFD63C1F92C336E95EB5A74DF2CA0924610
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                                                                  • API String ID: 135850232-3110715001
                                                                                                                                                                                                                                                                                                  • Opcode ID: f62664e60d2089e058bbf88f82fa64fb9d6e9027cc1cc1a0f268c82638e958f5
                                                                                                                                                                                                                                                                                                  • Instruction ID: d3d2b0fafbcaca47892eecdd2e07009bd91b7da9a416de2859e00e721f33696f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f62664e60d2089e058bbf88f82fa64fb9d6e9027cc1cc1a0f268c82638e958f5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F941B432A0668191EB21EF1594043AEA774EBD4BA0F9B8231DA6D833E1DF3CD491C720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                                                                  • API String ID: 2456169464-4171548499
                                                                                                                                                                                                                                                                                                  • Opcode ID: f09a28fcae5188001d86cef28677a7ab9bc0fda8486cb330b6ca1d514bdcb2ce
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9dae10bffaaca51471429eb5586cfc4b1a1a8054d0a0f0289348d9d942e09020
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f09a28fcae5188001d86cef28677a7ab9bc0fda8486cb330b6ca1d514bdcb2ce
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7841C322A1A74192EB60EF65F8443A9B7B1FB88790F824031EE4E877A4DF3CD455C750
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Long
                                                                                                                                                                                                                                                                                                  • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7bb5fa9822eba039514a9ba19c73050aeebd4584b22656b65eef0b423cabdd65
                                                                                                                                                                                                                                                                                                  • Instruction ID: d5dc8f555961ce65ff85e08c743006163317fbf9fae119b589eab40ad02454f0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7bb5fa9822eba039514a9ba19c73050aeebd4584b22656b65eef0b423cabdd65
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E417B32A0A68186E7709F24E444B9AB3B1FB84760F558335DAA843BA8CF3CD855CF50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$CreateObjectStock
                                                                                                                                                                                                                                                                                                  • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                  • API String ID: 2671490118-1439706946
                                                                                                                                                                                                                                                                                                  • Opcode ID: 25626af29ff67ce8d6fd7c70d4133758a87d5dadaddcd57ce23f9999b42ad6ab
                                                                                                                                                                                                                                                                                                  • Instruction ID: 338dd65e5523988e03bb38aa62f38794da75daec187b928fecc3e93b6008b4e1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25626af29ff67ce8d6fd7c70d4133758a87d5dadaddcd57ce23f9999b42ad6ab
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF418E326096C29AE330DF25E444B9AF7A0F7C8790F518235EA9D43AA9DF3CD4858F50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                                                                                                                                                                                                                                  • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                  • API String ID: 1752125012-2298589950
                                                                                                                                                                                                                                                                                                  • Opcode ID: 428f94a7a59cd7bf989baa6ef0aa5c6b519b04ddf6fb8b4790f89f2c0ee1e6c4
                                                                                                                                                                                                                                                                                                  • Instruction ID: a921f2374014fdbeacd0622b976215ac31417b5e1aa5568a7f0caf9b2833c423
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 428f94a7a59cd7bf989baa6ef0aa5c6b519b04ddf6fb8b4790f89f2c0ee1e6c4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F531E772A19B81A6EB20DF15E8803A9B371FBC5B91F518135DA8D83B68CF3CD495CB10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                                                                                                                                                                                                                                                  • String ID: Listbox
                                                                                                                                                                                                                                                                                                  • API String ID: 3747482310-2633736733
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2d3583662e6f7e144ee14d910da68979ea0603b7228fe14a50fd2d5f2b3179cb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 074c4b35d5e561a63ce4e0dd6414933ef80d1f07e7e529b1dbbbd64fda8fd189
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d3583662e6f7e144ee14d910da68979ea0603b7228fe14a50fd2d5f2b3179cb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01317E366097C196E370DF15F844A5AF7B1F7887A0F508225EA9903BA9CB3CD491CF00
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32 ref: 00007FF7A991B0D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D5A50: GetFullPathNameW.KERNEL32(?,00007FF7A98D5A3D,?,00007FF7A98D4C50,?,?,?,00007FF7A98D109E), ref: 00007FF7A98D5A7B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7A98D4694: GetLongPathNameW.KERNEL32 ref: 00007FF7A98D46B8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                                                                                                                                                                                                  • API String ID: 779396738-2360590182
                                                                                                                                                                                                                                                                                                  • Opcode ID: 16a998d4ffd8908b2b5846d7a7af52c857f6656f6899eb4e8e8eaa093dec734f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 390f2bd2f73cf133a8740bd73858bf08b24bf40e5d805ad064195e527c2cf2cb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16a998d4ffd8908b2b5846d7a7af52c857f6656f6899eb4e8e8eaa093dec734f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA31AD3260AB8189E710EF21D8401ADB7B4FB89B84F994175DA8C83B69DF3CD165C720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                  • API String ID: 1025951953-1010561917
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ec90dd8264e47930b8add246dd2117d3f761b03aba2c3bb1ed4f7e4c6c127fa
                                                                                                                                                                                                                                                                                                  • Instruction ID: 32a6f29883f5ffcd6ae07b5958a36754c5ad6d5441b15e2c237e6a604ff46e40
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ec90dd8264e47930b8add246dd2117d3f761b03aba2c3bb1ed4f7e4c6c127fa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35316772A096819BE3609F15A844B5AB7A1F788B90F518239DA9843B68CF38D8518F10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                                                  • API String ID: 2280078643-1018135373
                                                                                                                                                                                                                                                                                                  • Opcode ID: f6c1382f695be2b80eeb360de390ec25b85b68791ec0bc773e7ce0cc61abff03
                                                                                                                                                                                                                                                                                                  • Instruction ID: eac0620de8c0b697953362c153f15ad48ec5a45e82cdb4515208779d6a721aba
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6c1382f695be2b80eeb360de390ec25b85b68791ec0bc773e7ce0cc61abff03
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9221CE37609A4582E730EF02E04426EB370F794B61F421265DE8E877A5DF3CE8A6CB10
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2574300362-1355242751
                                                                                                                                                                                                                                                                                                  • Opcode ID: 935ee8e5b0afee5f2a3e8b61c9fff60d84134b50b40d875a31bd5a84aed26f6b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 99b0abe29971a3e40f981f5bb05599f068fec276f712f7649760585878e1fe1a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 935ee8e5b0afee5f2a3e8b61c9fff60d84134b50b40d875a31bd5a84aed26f6b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CE0ED65907B0292EF14AF50E414374A3B0FB48B45F854579C95D86364EF7CD6B9C360
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2574300362-3689287502
                                                                                                                                                                                                                                                                                                  • Opcode ID: 849496fe8f7c3fa53244a860dec0166c597485a1e7ca8ffba036c0d989768c29
                                                                                                                                                                                                                                                                                                  • Instruction ID: b829cd5efba7acb79694109eb9ad0c2f4103337b96a98b1eae09af73eba38a5c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 849496fe8f7c3fa53244a860dec0166c597485a1e7ca8ffba036c0d989768c29
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7E06D65907B0692EF14AF21E404364A3F0FB58B49F850438C94D86364EF7CD2B9C320
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2574300362-192647395
                                                                                                                                                                                                                                                                                                  • Opcode ID: b441bd5978eb2b7f425b1bf27e1c65cb3c7479a7c4568158e328b2615627030f
                                                                                                                                                                                                                                                                                                  • Instruction ID: ae59ebb397a383277a65edab4efa557ef5bfb1e5d9ba3cd1de509b760247f792
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b441bd5978eb2b7f425b1bf27e1c65cb3c7479a7c4568158e328b2615627030f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE03965906B06E1FF15AF20A445364A3B4AB88B46F860438C90C86364EFBC92A9C220
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8ea6f4ac70786459caae908e23c7b1e170f2c83987f10f6455c2ac2cf614949c
                                                                                                                                                                                                                                                                                                  • Instruction ID: e943154c05e21ca0e8beaafc37b8c624dccd3db891a9377c16fccdfa3e5ba567
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ea6f4ac70786459caae908e23c7b1e170f2c83987f10f6455c2ac2cf614949c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0D15966B05B4696EB18EF66C8402BD77B0FB88F88B424426DF0D87B64DF39D854D350
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: fc57336e55be4d4a0414789caafff31700b7c62f52e3843f0ecb10163a0943b0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8ff3fbdcdc2464a568dacdfef3e8b8cd7ad8c18a1ebb8d12934e9e34adf22265
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc57336e55be4d4a0414789caafff31700b7c62f52e3843f0ecb10163a0943b0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BD15A66B06A41AAEB10EF61D4801EC73B5FB84788B814476DF0D97B69DF38D529C360
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00007FF7A98D475D,?,?,?,00007FF7A98D8FCF,?,?,?,?,?,?,?,00007FF7A98D9D60), ref: 00007FF7A98D9F34
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,00007FF7A98D475D,?,?,?,00007FF7A98D8FCF,?,?,?,?,?,?,?,00007FF7A98D9D60), ref: 00007FF7A991D886
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$PointerRead
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3154509469-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3201254c23c442e17564adbb3e46d8ade15d1a5368ec0c22c80302ae78d27f32
                                                                                                                                                                                                                                                                                                  • Instruction ID: 89f4c6dc8c25e8dbf311255aa8dab8b8e6653b2a046f88e825562aa943880cb5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3201254c23c442e17564adbb3e46d8ade15d1a5368ec0c22c80302ae78d27f32
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4B1B972A0BA41D6E761EF15D054639E3B4FB84B90F924275CA9E877B0EF3DE0618720
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: bf09fe5937f6b34ddc429ee35f9a2399ceb717e99e565ce14bad0b4b6f8036fa
                                                                                                                                                                                                                                                                                                  • Instruction ID: fa2a43e9cd0c78590cb719c67473f549b2ae5a828e0f48178e9c0c57c6ccdbb2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf09fe5937f6b34ddc429ee35f9a2399ceb717e99e565ce14bad0b4b6f8036fa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C418132A06A56A6FA10EF19D944579B3B0BBC4B94F964136CE1ED3370DF38E465CB10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3076010158-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ffcaf284c61e2dc411bcc38c084d1ebc1702a088337431afa78768ad14ccc95
                                                                                                                                                                                                                                                                                                  • Instruction ID: 557bc8cd471ea5846b5d59c4dd6532361290e91b2d876c6944fa2e77c9288de7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ffcaf284c61e2dc411bcc38c084d1ebc1702a088337431afa78768ad14ccc95
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26417536A06B859AEB10DF66D8406AD77B0FB84B84F564036DF0D93764CF38D8A5CB60
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4141327611-0
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7A990A02B,?,?,?,00007FF7A9909FE6), ref: 00007FF7A9913C41
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7A990A02B,?,?,?,00007FF7A9909FE6), ref: 00007FF7A9913CA3
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7A990A02B,?,?,?,00007FF7A9909FE6), ref: 00007FF7A9913CDD
• FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7A990A02B,?,?,?,00007FF7A9909FE6), ref: 00007FF7A9913D07
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$Free
• String ID:
• API String ID: 1557788787-0
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b43e1cc6200736644002785bf2612f5ff520a6a5f4ee2928a3ccc412ddb1b8e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3797c3e9f24bcf943ad8abf581012861b7df6aa854f0af2abbe3e5786f7a1f1b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b43e1cc6200736644002785bf2612f5ff520a6a5f4ee2928a3ccc412ddb1b8e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F215E35A0A7429BEA14AF05F490569F370FBC8B80F964571EA4D83B65DF7CE4A48B10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 28ab5b73c65917a7dd8a5f113cda4927fe1f4d8d92eab68f1c80210d648ebe6f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 04ae4b52158009739ea30c09309081de9cd74912946fbf95bb1bcd8fda775c7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28ab5b73c65917a7dd8a5f113cda4927fe1f4d8d92eab68f1c80210d648ebe6f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8721627260A7C59AE7A49F15E4447AAF7B0FB88784F444134DA8D87B68DF7CD4A4CB00
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _ctrlfp
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 697997973-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ceb11bdc7e533b6efe9193ca724860c089eef8b0199c88c154fa5b9cecae704e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7e760f5275f2d79997b43ebcaefafd4199583c84e559d7c5c71dbddb2e791b44
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ceb11bdc7e533b6efe9193ca724860c089eef8b0199c88c154fa5b9cecae704e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE11F621D08A4192D690EF38904107FE771FFEA380FB54231FB998AA79DF2DE5908B10
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8a25ac5d48612561cfd9a00adcb312ee919544b8dc510f65644f53762853102c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 97f42d188c668e96ce0fe169b30331e289775f5253b0e5ce152f4b733cb775a1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a25ac5d48612561cfd9a00adcb312ee919544b8dc510f65644f53762853102c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 582108BAA04741EFEB00DF79D84459CB7B0F788B48B404866EE1897B28DB78D964CB51
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$abort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1447195878-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 13e5a053fdc59afbd3f437ffbd72ce3def34733e32cc643bca8322f3948ba88d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 039a082c38190d4a98e703d7246384711c3de762b476695ca0b9700f2f769af6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13e5a053fdc59afbd3f437ffbd72ce3def34733e32cc643bca8322f3948ba88d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6016920B0B30662FE987F25A56517DD1B15FC47A0FD64538D96EC27FEDD2CE8644220
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ed4cd48db317d028437d79ed32fdbf2d4d468542dcded9a22e892753fecea579
                                                                                                                                                                                                                                                                                                  • Instruction ID: 247d2993ef5a328f8854a883535da2e31c6720c453c5e665eeda659cdc61628d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed4cd48db317d028437d79ed32fdbf2d4d468542dcded9a22e892753fecea579
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E901DE75A1939192F700AF15B808729FB70BBC1B90F998178DE4943BB0CF7DE8A48B10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                                                                                                  • Opcode ID: ac7330c79bed4aab57de26e6616dc9dba57b9b2375f82546eba58886a38cf811
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8665895a516d4a241c52f7188a5ba48942c3e44dfb10916b9e14d36d4474745c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac7330c79bed4aab57de26e6616dc9dba57b9b2375f82546eba58886a38cf811
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00918B63B0A38696EB609F25A14037CBB75ABA5BC0F458131CB9D473A5EE3DE521C311
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OleSetContainedObject.OLE32(?,?,?,?,?,?,?,?,?,00007FF7A99427FF), ref: 00007FF7A9942538
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ContainedObject
                                                                                                                                                                                                                                                                                                  • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                                                                                                  • API String ID: 3565006973-3941886329
                                                                                                                                                                                                                                                                                                  • Opcode ID: de2a3a0168e26fee2e40c3ee8b636971f07da2773716e531a72bd8dc4e14313e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 65c1ccdac747681caf0d194cccafcdd86137dd61ace4bf44a46a43e293031085
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de2a3a0168e26fee2e40c3ee8b636971f07da2773716e531a72bd8dc4e14313e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74913576605B4692DB14EF29E4506ADB3B0FBC8B94F928026CF8D83724EF39D865C710
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                                                                                                                  • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9413e9f027fb7edb937ff8f6307f7599229d27335f94ec4d6bfab0053a1021af
                                                                                                                                                                                                                                                                                                  • Instruction ID: ad7ad8bb6dd3fc2cbed09968f0ccf1fb4cf5b74e96cc2e656f86b64403463f2f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9413e9f027fb7edb937ff8f6307f7599229d27335f94ec4d6bfab0053a1021af
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46518C62B193C156E7609F359840369AAF1EBC0B90F899231C7ACC7BE6CF2DD065C711
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                                                  • API String ID: 3467290483-2160076837
                                                                                                                                                                                                                                                                                                  • Opcode ID: 65047977eebbc8c03ea8da7fa1849a9fc84c61ba81a5de57a8f8a8a6851eecd5
                                                                                                                                                                                                                                                                                                  • Instruction ID: a8f7f708a2bacd23ff5612c1b2fa9a5f51c91a0466ca8f1270d311ea5238b14a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65047977eebbc8c03ea8da7fa1849a9fc84c61ba81a5de57a8f8a8a6851eecd5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95413A325096C2D6D670AF21E4407AEF7B1FB84790F914239DBA943AA9EF3CD4918B10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _snwprintf
                                                                                                                                                                                                                                                                                                  • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                                                                                                                                                  • API String ID: 3988819677-2584243854
                                                                                                                                                                                                                                                                                                  • Opcode ID: 32885857382379a4b4f2003679ad0bf2db11e685a1a76c32f342b704b352f53d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 106440f33e43d5ae8077c0e4cb7792ea80a8d232eb1bead3a0d52f2360c0697f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32885857382379a4b4f2003679ad0bf2db11e685a1a76c32f342b704b352f53d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF315F76B0A702A5EB10EF65D4401AC7371FB94B84FD24072DA4E97A69DF38E42AC310
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$CreateMessageObjectSendStock
                                                                                                                                                                                                                                                                                                  • String ID: $SysTabControl32
                                                                                                                                                                                                                                                                                                  • API String ID: 2080134422-3143400907
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4eb597b33270e80a83c3599876bbbd812a4e3a60a25d597e742004689e749718
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d28efa51b00bea354d79fedf9a500e2d65184ced6ac1df37695ddd424dd805b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4eb597b33270e80a83c3599876bbbd812a4e3a60a25d597e742004689e749718
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 303169725097C1CAE760DF25A80479AB7B0F784BA4F544339EAA857AE8CB3CD491CF10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileHandleType
                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                  • API String ID: 3000768030-2766056989
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a302059a24ef4730bf8bcb634e8bdb7dbb9c345eed5e02179e57bc52688c5e8
                                                                                                                                                                                                                                                                                                  • Instruction ID: c4e70b9ef15a937ee52410198bcc50cb3bd8299cff1ab0a04db4fc29b7e498db
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a302059a24ef4730bf8bcb634e8bdb7dbb9c345eed5e02179e57bc52688c5e8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE218222A0978251EBA0AF249490139A6E0EBC5774FAA0335D67E8B7F4CE3CD891D351
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                  • Opcode ID: e5c794eae5f48c2ef7f2f6a3d8fc67ccb9001089f9c2a959ce90b06ca3cf1746
                                                                                                                                                                                                                                                                                                  • Instruction ID: c011142358c08389f2342423a29719a3d2e5ec4542b7e39850357164e4e01b4b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5c794eae5f48c2ef7f2f6a3d8fc67ccb9001089f9c2a959ce90b06ca3cf1746
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6315C32A097818BE324DF29E44075AB7B5F788750F514239EB9843BA8CB38E451CF10
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                  • String ID: Combobox
                                                                                                                                                                                                                                                                                                  • API String ID: 1025951953-2096851135
                                                                                                                                                                                                                                                                                                  • Opcode ID: 419ce087720c7b5737b5b73e28fc957c16fa632f6a553db8683be6f9ef87a6ec
                                                                                                                                                                                                                                                                                                  • Instruction ID: 193f20e6ff0e5e663b517fc7ae9b13d9e7a37f0e629da2ec20a7a2db7f4a910e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 419ce087720c7b5737b5b73e28fc957c16fa632f6a553db8683be6f9ef87a6ec
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1315C326097819AE3709F25B840B5AB7A1F784790F504234EA9843B99CB3CD891CF10
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                  • String ID: edit
                                                                                                                                                                                                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5492c754c9bff498288acdc113c590e82b98b645c49f858c44027990a109cd19
                                                                                                                                                                                                                                                                                                  • Instruction ID: b8a20298f262a94954d4ac551e6feed40f373dcc8e7ea1b160bccd1b55ed3b7a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5492c754c9bff498288acdc113c590e82b98b645c49f858c44027990a109cd19
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70312B36A097819AE760DF15A44475AB7B1F7887A0F504235DA9C83BA8DB3CD845CF11
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _handle_error
                                                                                                                                                                                                                                                                                                  • String ID: "$pow
                                                                                                                                                                                                                                                                                                  • API String ID: 1757819995-713443511
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2a5c1d25bf9eaccf3d95b4360943358a5a34a98ae302652ad79e849c14545523
                                                                                                                                                                                                                                                                                                  • Instruction ID: 78de920033652b7d3d18f173e79701fc0b1e2dc8a486703745f94cf2bc3146ff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a5c1d25bf9eaccf3d95b4360943358a5a34a98ae302652ad79e849c14545523
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27217E72D1CA9493D3B0DF10E04066AEAB0FBDA344F612326F79946964CBBDD1559B00
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3712363035-3916222277
                                                                                                                                                                                                                                                                                                  • Opcode ID: cc2544113331effc305b0a03fe3b3a35c1ebbb01cab2a7be9a8f7d8f60356f9c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1ac8609c6a678459dda0bdc18bdc60aacae8beb3145bdd09428e186e64505a61
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc2544113331effc305b0a03fe3b3a35c1ebbb01cab2a7be9a8f7d8f60356f9c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D114F72A096419AE710AF11F80119AF7B5FBC4780F855139DA4D87A78CF3DD0A4CF10
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                  • String ID: !$tan
                                                                                                                                                                                                                                                                                                  • API String ID: 3384550415-2428968949
                                                                                                                                                                                                                                                                                                  • Opcode ID: 353651fcbdf869610a9aa7174845b6b37f2108fed80d9f7b1c03092e70d52472
                                                                                                                                                                                                                                                                                                  • Instruction ID: 599e0cf94b4b79e82a9b3633fa226b3596b2801612030bc89d1b2add400b217c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353651fcbdf869610a9aa7174845b6b37f2108fed80d9f7b1c03092e70d52472
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F01D631A19B8495DA54DF12A44033AA1A1BFDABC4FA00334E95D07B98EF3CD1508B00
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                  • String ID: !$cos
                                                                                                                                                                                                                                                                                                  • API String ID: 3384550415-1949035351
                                                                                                                                                                                                                                                                                                  • Opcode ID: a332118c418a9a5553ba94b25f2e8775fa0e5e0d6883273b594770b1dd192514
                                                                                                                                                                                                                                                                                                  • Instruction ID: f4672f0f4a5749a0854cb649da83c337a640d130d4113aba85fc00fc4bd150f7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a332118c418a9a5553ba94b25f2e8775fa0e5e0d6883273b594770b1dd192514
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40012832E19B8491DA54DF12A44033AA171BFDABC4F904324E95D06BE8EF3CD0514B00
APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
Similarity
• API ID: _ctrlfp_handle_error_raise_exc
• String ID: !$sin
• API String ID: 3384550415-1565623160
• Opcode ID: baa30cb22590ecb22bb061425c7c6612d2a3b082cca11217b3942b55bf4d3348
• Instruction ID: e67c815e1dceebaac8c5eff061b170e9e74f136a0a6354665535077807e8183e
• Opcode Fuzzy Hash: baa30cb22590ecb22bb061425c7c6612d2a3b082cca11217b3942b55bf4d3348
• Instruction Fuzzy Hash: F5012832E19B8891DA54DF12A44033AA171BFDABC4F904334E95D06BE8EF7CD0914700
APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
Similarity
• API ID: _handle_error
• String ID: "$exp
• API String ID: 1757819995-2878093337
• Opcode ID: ca465fa898a567bf7fb695c7da4f831c21791187771085b507e6f3573d05dac5
• Instruction ID: f97da9a3d9609ce79ace1d73b887fc48cbe2c21c785cebfe6fffbedef6a5cca8
• Opcode Fuzzy Hash: ca465fa898a567bf7fb695c7da4f831c21791187771085b507e6f3573d05dac5
• Instruction Fuzzy Hash: CB01C436929B88D7E760DF24D0492AABAB1FFEA704F601319E7441A674CB7DD0919B00
APIs
• try_get_function.LIBVCRUNTIME ref: 00007FF7A98F7479
• TlsSetValue.KERNEL32(?,?,?,00007FF7A98F70D1,?,?,?,?,00007FF7A98F649C,?,?,?,?,00007FF7A98F4B1B), ref: 00007FF7A98F7490
Strings
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
Similarity
• API ID: Valuetry_get_function
• String ID: FlsSetValue
• API String ID: 738293619-3750699315
• Opcode ID: f78dc03a8b7e459b2f5a523a33989f4a04428b56cdb294ea6966631ac146a953
• Instruction ID: 165f90d699224529be70af3398f739b6187fa72d472998b87312eca8229cb90d
• Opcode Fuzzy Hash: f78dc03a8b7e459b2f5a523a33989f4a04428b56cdb294ea6966631ac146a953
• Instruction Fuzzy Hash: 68E0E5A2A0A502A2FB046F00E4000B9E272AF98782FDA9079D50D862B2DE3CD4B4C230
APIs
• std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7A98F5471
• _CxxThrowException.LIBVCRUNTIME ref: 00007FF7A98F5482
  • Part of subcall function 00007FF7A98F6EA8: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A98F5487), ref: 00007FF7A98F6F1D
  • Part of subcall function 00007FF7A98F6EA8: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A98F5487), ref: 00007FF7A98F6F4F
Strings
Memory Dump Source
• Source File: 0000000E.00000002.1792912422.00007FF7A98D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A98D0000, based on PE: true
• Associated: 0000000E.00000002.1792883738.00007FF7A98D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A9985000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1792985935.00007FF7A99A8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BA000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793057766.00007FF7A99BE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000E.00000002.1793104880.00007FF7A99C4000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff7a98d0000_Senegal.jbxd
Similarity
• API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
• String ID: Unknown exception
                                                                                                                                                                                                                                                                                                  • API String ID: 3561508498-410509341
                                                                                                                                                                                                                                                                                                  • Opcode ID: badd8b7e3d07d99b52e3bffc87efa81072822f9ce37558ce68a18c88b8dc1f94
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e02bf101c0dc859f0e962df182121500dca581edc30e1e35d117d285a99f9c9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: badd8b7e3d07d99b52e3bffc87efa81072822f9ce37558ce68a18c88b8dc1f94
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5D01763A1AA86A1EF10FF04D8803A9E334FB94308FE55435D14DC15B1EF2CDA6AC310
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                                                                                                                                                                                  • String ID: ,$,$H$H
                                                                                                                                                                                                                                                                                                  • API String ID: 2459737528-3578512806
                                                                                                                                                                                                                                                                                                  • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0871e3dd579096f61c547548a7848982b2a5e783d9f3ebf3974150631b45b0e3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0802833065CB858BD764DF18D8C466BB7E5FBD8300F50893EE58EC3291EA74A9418B87
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPathPort$NameName_free
                                                                                                                                                                                                                                                                                                  • String ID: $0$@
                                                                                                                                                                                                                                                                                                  • API String ID: 1495449958-2347541974
                                                                                                                                                                                                                                                                                                  • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 57971f4cb0f89438859ac0ee580daf6f5e03774a00cfda5b786dd159c1b324a8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F51A53495C7888FE765DF18E4857AA77E0FB89300F54552EE48FC2241EB74E5858B83
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPortfree
                                                                                                                                                                                                                                                                                                  • String ID: $0$@
                                                                                                                                                                                                                                                                                                  • API String ID: 2184535508-2347541974
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                                                                                                                                  • Instruction ID: a70cdda5f4437001be1b511aab6cd6f594b7786f7680e8fc5f1cc489efd12fcb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF51293060CB898FE765DF68D494BABB7E5EB98301F14592EE48EC3260EF74D4448B42
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                                                                                                                                                                                  • String ID: \
                                                                                                                                                                                                                                                                                                  • API String ID: 2722548352-2967466578
                                                                                                                                                                                                                                                                                                  • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                                                                                                                                  • Instruction ID: f5edaa68e72981fa95662c56f49013b501aa38c7c0628771f9dbb35f872751f4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9841A031648988CFDB55EF28ECC8ADA77B5FB94701F144666D40BDB165EF38A844CB80
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3114477661-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 634e6dfd871d24f72dbd9bd0b942b3a8ab515b1f8ed461410a8700cd584f07f6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0971723061CB888FE764DF28D8897ABB7E5FB94315F04462ED48AC3291EF78D4418B42
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                  • Instruction ID: e28e42dd68106ddbc0cb082072e4bbb8425090afba876ffcb661e690e99c01e8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE316D30618A488FE7A5EF28D8D879A77E5FB94310F10562BE45BC31D0EF38D8858B81
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
APIs
• NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4C7F4C0F7), ref: 00007DF4C7F4E160
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: AcceptConnectPort
• String ID:
• API String ID: 1658770261-0
APIs
Strings
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: freemalloc
• String ID: x
• API String ID: 3061335427-2363233923
APIs
Memory Dump Source
• Source File: 0000000F.00000003.1785517253.000001B9B7D80000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001B9B7D80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_1b9b7d80000_svchost.jbxd
Similarity
• API ID: FreeVirtual$CloseFileHandleView
• String ID:
• API String ID: 867161474-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: CreateFile$AcceptConnectMappingPortcalloc
• String ID:
• API String ID: 2835849967-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: File$CreateRead
• String ID:
• API String ID: 3388366904-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: File$CreateRead
• String ID:
• API String ID: 3388366904-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: Completion$CreateFileModesNotificationPort
• String ID:
• API String ID: 3755109111-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: Completion$CreateFileModesNotificationPort
• String ID:
• API String ID: 3755109111-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: File$CreateRead
• String ID:
• API String ID: 3388366904-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: callocmalloc
• String ID:
• API String ID: 1635859522-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: Path$AcceptConnectNameName_Portcallocfree
• String ID:
• API String ID: 3949126726-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: CreateFileMapping
• String ID:
• API String ID: 524692379-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: socket
• String ID:
• API String ID: 98920635-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: InfoSystem
• String ID:
• API String ID: 31276548-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
Similarity
• API ID: InformationVolume
• String ID:
• API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                                                                                                                                  • Instruction ID: b114ed41558d590b9066be933444f83653264e34bcbc4a7c8f6182e5a2e084ac
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3612B7151C6888BD766EF64E8D56EBB7E1FB94300F404A2EE48FC3151EE34A545CB42
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • TlsFree.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4C7F337B8), ref: 00007DF4C7F385F1
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Free
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: getaddrinfo
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: closesocket
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2781271927-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,00007DF4C7FBEF2F,?,?,?,?,00000000,00000000), ref: 00007DF4C7FAD689
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: calloc
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.1785517253.000001B9B7D80000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001B9B7D80000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_1b9b7d80000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007DF4C7F4E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4C7F4C0F7), ref: 00007DF4C7F4E160
                                                                                                                                                                                                                                                                                                  • malloc.MSVCRT ref: 00007DF4C7F3DB44
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007DF4C7F477EC: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4C7F6740A), ref: 00007DF4C7F4780B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc$AcceptConnectPort
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: calloc
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: calloc
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f5a3a58eed83403a542f8b521778edd5e1a0bdd2712daf8585e878911d081cc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A213331608A484FDF94EF28D845AAA77E1FF94315F00462AF85ED3191DA35E941CB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • malloc.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF4C7F26946), ref: 00007DF4C7F268FD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
                                                                                                                                                                                                                                                                                                  • Instruction ID: a3b3bfe511891ee46f0f1d42fa716a39604b1a25133533eefcae39357d207e94
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28018631A04D065BE7589F69D4C8736B6E1FB98311F24417BD509C3681EB38E8D1C7C0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6c556b50115ea8d2115d993d0c38dc74eab9f377cd6d1ed4a7800d5a93c52107
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D011230A2CD4A8BDB98EF2CA88563636F1FB58315755D17ED41EC72D0E639D8428741
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                                                                                                                                                                                                  • Instruction ID: f53194700ed945c27fc6576587ea93f6d7fc2deabe208a3af1938e16c3d1d867
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0F03070665E0B4FEB94EF29D4D8B2273E1FB58305FA0417AD41AC3190E7799894CB61
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                                                                                                                                  • Instruction ID: c63210d7295c164e96bb566c803e1202f3f62df238f7f7175ce3206a49a4a000
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98F0F43475B94ACBFF58AF65A8E823977E0EF14302B04502BE84BC15B0DB6CA5549726
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.2346104959.00007DF4C7F21000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4C7F21000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_7df4c7f21000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                  • Instruction ID: c5eee615a0e301738476f6a47ac4deaa23d887ecd681c14cfaf2a6ef2f22ca63
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDD05E7070AD0B0BEF9DABAA54E963532E0DF68352720103DD81BC1591DA59C841D700
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000003.1786164450.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp, Offset: 000001B9B9FD0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 0000000F.00000003.1786629131.000001B9BA144000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 0000000F.00000003.1786800305.000001B9B9FD0000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_3_1b9b9fd0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: RegSetKeySecurity$ResetWriteWatch$storyInfo$ysicalPages
                                                                                                                                                                                                                                                                                                  • API String ID: 0-1416083389
                                                                                                                                                                                                                                                                                                  • Opcode ID: 50f4d14f6283b07c60f4d39bcea3b752794f769e6642f6e1a10f6cf0ffdc1965
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9c28581cc09b6d0ffe7512d96a8aeca156fe589a7c7afc4da55192d2c84098b0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50f4d14f6283b07c60f4d39bcea3b752794f769e6642f6e1a10f6cf0ffdc1965
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20517B32215E4491EAA0DF55F660BE833A1F78ABA4F648522DB0E473A5EF38CC468300

                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                  Execution Coverage:3.5%
                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:28.7%
                                                                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                                                                  Total number of Nodes:327
                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:26
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                                                                                                                                                                                  • String ID: H$H
                                                                                                                                                                                                                                                                                                  • API String ID: 874015164-136785262
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                                                                                                                                  • Instruction ID: c77dccead5adce7639216767d3dce2c76a4789f5e11097a155141f7aad2dd4e7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27B1537060CB888FE755DF18D885A9AB7E5FBD4344F000A2EE6CEC3251DB39E5458B86

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                                                                                                                                                                  • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                                                                                                                                                                  • API String ID: 4207655178-84560671
                                                                                                                                                                                                                                                                                                  • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6a9400f59dd1dfca201b8c0bc9f52a7bc2295f474cce8ec2637b8fed28ea012b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90A27B74519B888FE7B5DF1888887AAB7E4FB99701F104A2FD48EC3251DF71A5418B83
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                                                                                                                                                                                                  • String ID: -
                                                                                                                                                                                                                                                                                                  • API String ID: 167522227-2547889144
                                                                                                                                                                                                                                                                                                  • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                                                                                                                                  • Instruction ID: 783de88d5e9e6b05a93e8a0e0ad3622a9c223c691ebbfcc1f9ba8c98ce00e6f6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3491D73064CA994FFB56EB24C9946AB73F1FF94381F00452AD68BC3291DF79E8118782

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750281572.00007DF43C671000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C671000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c671000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationQuerySystem$freemalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3337658969-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5036aa538db7167289477ad4aa071ea797a186ebfb300d711d1c5978a650c1de
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82014434658945CFF785EB25DC68B6677E1FBA4301F444829E44BC22A0DF7CE544CB41
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289487493.0000028A4E1D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000028A4E1D0000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_28a4e1d0000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Free$HeapVirtual
                                                                                                                                                                                                                                                                                                  • String ID: c
                                                                                                                                                                                                                                                                                                  • API String ID: 3783212868-112844655
                                                                                                                                                                                                                                                                                                  • Opcode ID: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                                                                                                                                                                  • Instruction ID: f76c99ad90260923e4f93a65b468dd6126e2797cf52b5d9f9ff2fc84a6240b8b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F2247346486544FFBACDA1CC489A7AB7D1FB95310F14815EE8EBC3242DE74E946CB82

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4417994ca82b92745ac97acb6a0244087026c4ed9a77114a50bc2e83c5373f8a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B319030208A088FEBA5EF28D8D879A77E5FB94310F50466AE45BC31D0DF74D945CB82

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationQuerySystem$malloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1603438391-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                                                                                                                                  • Instruction ID: b164af55c76a810b866a1bca2cd1806a7cca88c49429d9adc53d7838a5cade42
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65018C347599598FE798EB24EC58AA673F1FFE4301F448029E80BC22A0DF38E501CB42

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph not reproduced; API call labelled in the graph: NtAcceptConnectPort]
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                  • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                  • Instruction ID: 78793828cf5a4c87184127a87f419ae63e85026fd03994c046afb37dd2bb2f5a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B621F07470A9484FFF50AE98888872976E0E79A302F50453FF91DD3250DE6699488742

                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph not reproduced; API calls labelled in the graph: Thread32First, SuspendThread, CloseHandle]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1038686644-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                  • Instruction ID: b3e2a712029fa77a3c76f44befcc11214d0a83538683ad1e52c541574a15801b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9191063420AA454BFF689F18D8593B97BE1FB55310F14819ED04AC7286DE76E842CBC2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750927624.00007DF43C6F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6F1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6f1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2248422592-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 484097379627125e126af0fc8993a87764f7a129ac00dcd1a2a265c0b9c7d254
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6E1933060CA588FEB59EF28D8985AA77E1FF98340F14463EE54BC3291DF38E9458B41
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 05c59286b5f6fbddff0fb7db7f7d26d84f2fa1c9207420ea0f9bbcf216fff248
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80224934619A540EEB6DDB2CD88A2B977D0F785301F24466FE4DBC2192EE74E507C782
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 841dd99bba908f364e05be182f1e1930852221015ad76cddd3822a225cbd5f39
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2081A43821BA498BFF66DF15D44876AB7D0EB94300F50D61BF46AD7284DEA6E804C783
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                                                                                                                                  • Instruction ID: 906218819519c7778ef50dbdf2173deb59e77aef8b1acb33c8f973a0041f4592
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BF0B774A18B848FEB64EF2CD489B5977E0FB99300F50851AE84CC3245EE35A8408B86
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1fa99ed50c51e253d23287f897e159a03cdfb1a8ba36e95b4d366e52f5552ef9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBE092752096048FEB01DF98CCC5969B7E0EBE9304F414D2AE85ACA164D6B5E688C783
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                                                                                                                                  • Instruction ID: b35eecf2258bb4b35ee8fa4712241e8c5cd077f75b6c1e8d43a646c7d1bc4be2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCD05B38A197498BEB10EF28D5406097FE1F7DA314F54461DFC4493310EA7AE44087C7
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000028A4DD75367), ref: 0000028A4DD82DEC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4069062851-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 552242919-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket$ErrorModeclosesocket
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2183620661-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID: rE\
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-988334199
                                                                                                                                                                                                                                                                                                  • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7213b4bd5f340544cc5109cc7bf09329055ab06f79b98b7e18f81027c864a368
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9111C13530A9494BFF45FB68A895BA972EAF7D8300F40552AA40BC3282DE69E9454782

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2553196624-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 09d50f02a69b0d19cbb5160651ddca2e33a963e352690614c36a83d808e40956
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E31D53521690C4FEF55FF20C8896EAB3E5FB94300F10852AE44BC3192EE71E9088782

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                                                                  • API String ID: 716092398-3110715001
                                                                                                                                                                                                                                                                                                  • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8932f1fc95f3bb9cc8eba36d1e28c3071720b31f78ca886f6d52aa25517ed4d3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D513270519B448FE765EF24D88A79AB7E4FB95311F10862EE49EC2290DF34A445CF83

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750281572.00007DF43C671000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C671000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c671000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2453823186-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                                                                                                                                  • Instruction ID: ad8c1fecd6261033e1202a984e244bb387c5f07aa789bbd0fadfd39618a5c06b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8B1743169CA588BDB55EF24D5846AB73F1FF94340F504E2AE18BC3296DE38E905CB81

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2453823186-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4eac4a9b6659268e9bce6cd5bb4a007b6a0d905022afa48ff9168e29eb832f7d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2718130A4CA588FDB55EF28D9815AB33F1FF94340B50862AE54FC7296DA38E9018BC1

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocInfoSystemVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3440192736-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                  • Instruction ID: 162ce25b09fa772afdbc0922ca474a16c5b484d752c87558c81800dd532a33c0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D51F33421AE4D4FFB55EE6C944C3697AD1F7A8304F4081AFE449C7195EEB6E8818782

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseFileHandleView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3964672402-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4194073e72cf40d8f50b93a4c5911570bf24d4a959d766cd4f1988fe4e5b7214
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B4171352169088FFB45FF68D889BA673D4FB95301F10466BA40BC2196DF75F841CB82
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                                                                                                                                  • Instruction ID: 83b31290eca0b6d47dbc5496b9a621510a55236837a23f9f99963bd0924e7da4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8431482120DA844BEB209F3CD8987953FD1FB5A310F5542DAE89DC72C9DF98D802C386
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750454261.00007DF43C691000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C691000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c691000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f38bc173311d6ed7acd9241e14fb2c6f98ad2775c7ebba7821b6506f4053fa3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0b75e40b54f532896d3558f747e3e34631e1bead35ef4829b489e22bd620d147
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f38bc173311d6ed7acd9241e14fb2c6f98ad2775c7ebba7821b6506f4053fa3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 292124316485A547EB298B28D994672B3F1FF90380F24053BEA4FC7395C76AE9068245
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750281572.00007DF43C671000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C671000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c671000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8ff874e80ef9c1f339e302baf05d79e26515fe46c8a61252865b80e4443e543e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7821023168866547EB199B2CC6857B3B3F5FF90780F140A2BE64FC7385D66EE8018245
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2db49a03b19b13480b4c13b22825a151ee600d8fa420928213b61d8698e22ff4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F2124316486A547FB199B2CC990676B3F1FF90380F14013BEB8BD7B85D66AF8218284
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                                                                                                                                                                  • Instruction ID: f1e4f5ccb822064ff40695c43ac035a73996b3e90b0d399cb52bbc5633195c59
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE21053154856547DB199B2C8694673B3F1FF90380F14813BE64FC7384D66AE821C2A1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750927624.00007DF43C6F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6F1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6f1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
APIs
Memory Dump Source
• Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
Similarity
• API ID: FileMappingOpen
• String ID:
• API String ID: 1680863896-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
Similarity
• API ID: InformationVolume
• String ID:
• API String ID: 2039140958-0
APIs
Memory Dump Source
• Source File: 00000023.00000002.2750281572.00007DF43C671000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C671000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_35_2_7df43c671000_wmprph.jbxd
Similarity
• API ID: EventHook
• String ID:
• API String ID: 3661607649-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: EventHook
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3661607649-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750454261.00007DF43C691000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C691000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c691000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750281572.00007DF43C671000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C671000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c671000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000003.2289027914.00007DF43C661000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C661000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_3_7df43c661000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750927624.00007DF43C6F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6F1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6f1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750454261.00007DF43C691000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C691000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c691000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FunctionProtectTableVirtualcalloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3747249976-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6b71dfc2cbd5ba739f6f7b0256be270801430969798fe76103fb86eb28e0e6d2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b10e092eac57201868390751fad4ac7c65b7c254b76a6a33557388da50270f6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b71dfc2cbd5ba739f6f7b0256be270801430969798fe76103fb86eb28e0e6d2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F881F530658A594FEB56EF28C8956B777E1FF98340B10852AC58FC7291DE39E801CB81
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6718c293764d44dea6977120a74753556020f8ff3a2de10be5ea534e86824dc5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1991353551AB484FEB65EF54C8897EAB3E1FB94300F40496FE08AC3191EE76A545C783
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 54ef9d1b93df7a25594d45ba55950e44303d7bd2f3f066486973d8c373a12f47
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38416F35219D0E8FEB84EF2CD888AA5B7E0FB68311711466BD409C3664DF71E8858BC1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                                                                                                                                  • Instruction ID: cf320fbb20eb91cc87133daeea30e2942ff7b0a46b0a5c3e920def51a2c39873
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 591180342029198FFF769F69889876532E0EB58326F14417BE81ADB1D9CFB1AC44C792
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2750757224.00007DF43C6C1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF43C6C1000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_7df43c6c1000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                                                                                                                                  • Instruction ID: 116421347a1537800a983793b5dbcf5fd3804137de71a60b1fe607e2fd603451
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89118430644D658FFF669F6885987A636E1EF98351F04027BFA0ECA2D9CB349C40C791
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000023.00000002.2746593262.0000028A4DD71000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028A4DD71000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_35_2_28a4dd71000_wmprph.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 46f39a1caba51f2392e4203d71549bbbb561b12e12bce2dcc898a4893020b657
                                                                                                                                                                                                                                                                                                  • Instruction ID: f912c0fd916eb3c750fe17f7e44ab88fdbdd1fadbb27168497c5f6c9a0a8f4be
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f39a1caba51f2392e4203d71549bbbb561b12e12bce2dcc898a4893020b657
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0B01120E28A0082E3080E0AB802332F2B0C30B302F0030302000F3220C828CC00028F

                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                  Execution Coverage:2.6%
                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                  Signature Coverage:1.4%
                                                                                                                                                                                                                                                                                                  Total number of Nodes:220
                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:11

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Information$QuerySystemVolume
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2187445334-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 12880ea8ce056efdd30c745f3fbaa677e30fa66ce715b4540f1e9643682f7c60
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7918130614E0D4FEB65EB24C89D7EA77E1FF64311F104A2AA45BC31E1EE39E5468781

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                                                                                                                                  • Instruction ID: f09cc769dbb1566c44da549975f37c71c319ac0a11634f0aa7d73061fb73f6a5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BB14431718A4C4BEB56EB24D499BDB73E1FF94304F008629A49BC71D6DE39F6068B81

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 552242919-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4c51fecb49fe03e816b784ce9a7adfad427667f2c1be1f1df1dda07e2ee28ac8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3413F70618A488FE758EF28D89DA9A77E1FB99300F508669E087C72E1DF39D505CB41

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$CreateMappingView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3452162329-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                                                                                                                                  • Instruction ID: 71d0ab6c9289cab2798152e834bf34758c786079c38255dc5a63d6f0a3e05622
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1451733161CB888BD725EB64C4897EAB7E0FB95311F40452FA4DAC31D1DE39D5068B92

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3755109111-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                                                                                                                                  • Instruction ID: 42e8eb5f4d5d3a22075acb1c236f7481b7c7232f6de37187b426ca492e54b19f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5431C430B0451C4BFF7C9B28989C76932E6FF54719F5000A9E807CB1E2DB2ACC438691

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2039140958-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 98920635-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2340568224-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2663294120-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                  control_flow_graph 225 26d8d212874-26d8d212891 call 26d8d211994 228 26d8d212893-26d8d212896 LoadLibraryA 225->228 229 26d8d212898-26d8d21289e 225->229 228->229
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                  control_flow_graph 268 26d8d213dc4-26d8d213dd5 269 26d8d213df3-26d8d213df7 268->269 270 26d8d213dd7-26d8d213ddc 268->270 270->269 271 26d8d213dde-26d8d213de8 270->271 271->269 272 26d8d213dea-26d8d213ded free 271->272 272->269
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000026.00000002.2746280536.0000026D8D210000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026D8D210000, based on PE: false
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_38_2_26d8d210000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1294909896-0